babeliocli-setup
Fail
Audited by Snyk on Apr 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs the user to copy sensitive cookies and/or passwords into literal command-line flags (e.g., --phpsessid, --bbac, --id-user, or direct password embedding), which would require the agent to include those secret values verbatim in generated commands — a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses HTML pages from the public site babelio.com (SKILL.md: "read-only CLI for babelio.com" and "parses HTML pages", including hitting /mabibliotheque.php and importing browser cookies), so it ingests untrusted, user-generated web content that the agent reads as part of its workflow and could influence outputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes a one-liner "curl -fsSL https://raw.githubusercontent.com/yoanbernabeu/babeliocli/main/install.sh | sh" which fetches a remote shell script and pipes it to sh (executes remote code) at install/runtime, creating a direct remote-code-execution dependency.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata