microsandbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and flags that pass secrets directly on the command line (e.g., -e API_KEY=xxx, --secret "OPENAI_API_KEY=sk-xxx@..."), which would require the LLM to embed secret values verbatim in generated commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md and the included examples explicitly run network fetches and web scraping (e.g., SKILL.md's example msb exec dev -- python -c "import requests; print(requests.get('https://httpbin.org/ip').json())" and references/examples.md's urllib.request.urlopen('https://example.com')), so the skill expects the agent to fetch and interpret public third‑party web content which could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The setup script (scripts/setup.sh) runs curl -fsSL https://install.microsandbox.dev | sh, which fetches and immediately executes remote installer code during setup, so the skill depends on and executes external code at runtime.