nanomdm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes and encourages inline use of API keys in commands (e.g., curl -u nanomdm:APIKEY, docker run ... -api APIKEY), which requires the agent to insert secret values verbatim into generated commands/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime handlers explicitly accept and decode untrusted, user-supplied MDM plists (Authenticate, TokenUpdate, CommandResults) via the /mdm and /checkin endpoints (references/http-api.md and references/mdm-protocol.md) and also proxies DeclarativeManagement requests to arbitrary external DM endpoints via the DMHook (-dm URL) (references/architecture.md and service/dmhook/), so third-party content is ingested and can materially influence service behavior.