rivetkit-client-swiftui
Fail
Audited by Snyk on May 6, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill's examples and recommendations show embedding tokens directly in endpoint URLs and ClientConfig (e.g., "https://namespace:token@api.rivet.dev", token: "pk_...", params: authToken: "jwt-token"), which encourages including secret values verbatim in generated code or commands.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly shows the client consuming remote, potentially untrusted actor events/messages (e.g., "Async Event Streams" reading chat.events("message", ...) and "Subscribing to Events" / GameView handling "gameOver") from configured endpoints, which the app reads and uses to change state and behavior.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata