pdf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains examples and usage patterns that embed plaintext passwords in commands and code (e.g., qpdf --password=mypassword --decrypt ..., writer.encrypt("userpassword","ownerpassword")), which would require an agent to place secret values verbatim into generated commands or code — an insecure credential-handling pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly mandates using web search ("If the content is not rich enough, use the web-search skill first" and under "Information Sourcing Requirements" it states "Never invent facts. If unsure, SEARCH immediately. Mandatory search triggers
• You MUST search FIRST"), which requires fetching and interpreting open/public third‑party content that can change the agent's workflow and outputs.