llm-wiki

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example that passes a password on the command line (ob login --email <email> --password '<password>'), which encourages embedding secrets verbatim in commands and risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Ingest" workflow explicitly instructs the agent to fetch and process arbitrary URLs using web_extract (saving results to raw/articles/), so it will read and act on untrusted public web content that can influence page creation, updates, and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs creating and enabling systemd service files and even calls out "sudo loginctl enable-linger $USER" (and other system-level setup like global npm installs and service management), which requires elevated privileges and modifies the machine's system state.