overleaf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the user to copy their Overleaf session cookie and pass it verbatim as a command-line argument (olcli auth --cookie "YOUR_SESSION_COOKIE"), which requires the LLM to handle and potentially output a secret value directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically fetches and ingests user-generated Overleaf project content (e.g., via commands like "olcli pull", "olcli download", and the client.downloadProject/downloadByPath calls in src/cli.ts) and the CLI/agent uses those files to decide actions (sync, upload, compile), so arbitrary third‑party project content can materially influence tool behavior.