run-posthog

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires retrieving the generated personal_api_key from the in-page setup response and using it verbatim (e.g., in an Authorization: Bearer header) and also references .env op:// 1Password refs, so the agent must handle secret values directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The external URL https://downloads.flox.dev/by-env/stable/install.sh is high-risk because it’s a direct remote shell installer (intended to be piped to sudo bash), which is a common malware distribution vector, while the other URLs are localhost development endpoints (not remote download sources).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running a sudo installer (curl … | sudo bash), starting/stopping Docker containers, toggling/restarting phrocs-managed processes, and even destructive actions like hogli dev:reset or removing locks — all operations that modify the machine state and can require elevated privileges.