socket-inspect
Audited by Snyk on Mar 25, 2026
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to WebFetch and parse the public socket.dev package page and to query the GitHub API for commit/activity (both open/public third‑party sources), and those parsed results are used directly in the supply‑chain risk assessment and remediation decisions, so untrusted or user‑generated content could influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires running the Socket CLI via npx (which "always fetches the latest version" and therefore downloads/executes remote code from the Socket npm package, e.g. https://www.npmjs.com/package/socket), so this runtime dependency executes externally fetched code.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the full prompt for literal, high-entropy credentials. The text includes a literal token:
npx socket config set apiToken sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api
This is not a placeholder (it is a long, random-looking string with a token prefix) and is used directly as an auth token in the CLI setup. Although the doc describes it as a "public demo token" with limited permissions, it is still a real, usable credential embedded in the documentation. Other references (SOCKET_SECURITY_API_KEY, environment variable names, example curl headers) are just variable names or placeholders and contain no actual secret value, so they are ignored.