mega-code-wisdom-curate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires the agent to "remember" and verbatim-substitute literal values printed by the setup script (including SESSION_ID) into subsequent shell blocks and heredocs, forcing the model to output potentially sensitive session/auth tokens or other secrets exactly as received.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes mega-code wisdom-curate which returns skill records containing pre-signed download URLs (the skills[].url field) that are passed to scripts/install_skills.py and mega_code.client.skill_installer.install_skills at runtime to fetch and install remote skill packages whose SKILL.md and scripts are subsequently read and may be executed or used to drive agent prompts—so the runtime uses external URLs that directly control prompts/behavior and can install/execute code (the flagged URLs are the skills[].url presigned download links returned by the mega-code wisdom-curate call).