moviepilot-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for a backend API key and then run a command embedding it (node scripts/mp-cli.js -h -k ), which requires including the secret verbatim in output — an insecure pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The CLI explicitly fetches JSON command definitions and runtime results from a configurable remote backend (scripts/mp-cli.js calls ${mpHost}/api/v1/mcp/tools, /tools/{name}, and /tools/call) and the skill workflow (SKILL.md) relies on those remote responses (including torrent/search results from indexer sites) to decide parameters, filter results, and perform downloads, so untrusted third‑party content from the backend can directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script fetches command definitions and executes tool calls at runtime from the configured backend (e.g. ${mpHost}/api/v1/mcp/tools, ${mpHost}/api/v1/mcp/tools/<command>, and ${mpHost}/api/v1/mcp/tools/call), and those responses directly control available prompts/command schemas and are required for the skill to operate.