overleaf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs copying the Overleaf session cookie and embedding it directly in a command line (olcli auth --cookie "YOUR_SESSION_COOKIE"), which requires the LLM to include secret values verbatim in generated outputs/commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and README explicitly instruct using olcli to pull/download projects and compile outputs from overleaf.com (e.g., "olcli pull", "olcli download", "olcli output bbl"), which causes the agent to ingest user-generated Overleaf project files and compile outputs that could contain untrusted instructions influencing subsequent actions.