anygen-slide

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires the agent to output and embed authentication data verbatim (complete auth_url hyperlinks, the fetch_token in a CLI command, and example api_key usage), which forces tokens/keys to be included in generated commands/outputs and therefore risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the AnyGen OpenAPI (www.anygen.io) — notably the prepare endpoint and its returned "reply" and "suggested_task_params" — and requires the agent to present those responses verbatim and use the suggested prompt to create tasks, so untrusted third-party responses from AnyGen can directly influence subsequent tool calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts repeatedly call the AnyGen OpenAPI at https://www.anygen.io (API_BASE) to run prepare/create/poll/upload operations, and the prepare response supplies suggested "prompt" content that the agent must present and use verbatim—meaning remote content from that URL directly controls prompts and is a required dependency.