setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting an auth token from the user (or MCP) and embedding it verbatim in generated CLI commands (e.g., --auth-token {TOKEN}), requiring the LLM to output secrets directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent/user to run "npx @subframe/cli@latest init ..." at runtime, which fetches and executes remote npm package code that the setup depends on, so this is a runtime external dependency that executes remote code (flagged: npx @subframe/cli@latest).