import

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs obtaining an auth token (via generate_auth_token or user-provided) and embedding it directly into the CLI command (--auth-token {TOKEN}), which requires the agent to handle and output the secret verbatim, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running "npx @subframe/cli@latest import -p {PROJECT_ID} --manifest .subframe/import-design-system.json --auth-token {TOKEN}", which fetches and executes remote code from the npm registry at runtime and is required for the upload step, so it meets the criteria for a runtime external dependency that executes remote code.