agent-job-background

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires passing the user's verbatim into the spawned job, so any secrets the user includes (API keys, tokens, passwords) would be reproduced by the agent and can be exfiltrated.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls runtime endpoints at ${APP_URL}/api/create-agent-job and ${APP_URL}/api/agent-jobs/status (via APP_URL) to create and manage background agent jobs — the create endpoint is required at runtime and causes remote execution (spawning Docker agent containers) while accepting the user's prompt verbatim as the job instruction.