ingest-url

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). This skill explicitly records the provided/fetched URL verbatim in frontmatter, .manifest.json, and log.md (and may derive info from git remotes), so any API keys, tokens, or credentials embedded in URLs or remotes would be written into the agent's outputs and thus risk exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches third-party web pages (Step 0.5: defuddle; Step 1: WebFetch) and then reads and distills that untrusted page content (Step 4) to compute provenance, affinity, promotion decisions, and to drive page creation/updates (Steps 5–7), so embedded or user-generated webpage text could materially influence agent behavior.