photo-agents-autonomous-llm
Fail
Audited by Snyk on May 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes examples that store API keys in config files and show commands/code that echo or print environment/config contents (e.g., echo $PHOTOAGENTS_API_KEY, cat ~/.photoagents/config.json, print(llm_config)), which would cause an agent that executes those steps to read and output secret values verbatim, creating exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the agent performing web browsing and scraping (e.g., CDPBridge.navigate/evaluate/click in "Browser Automation with CDP") and includes an "Autonomous Research Agent" workflow that tells the agent to "Search for recent information" and synthesize findings from web sources, which clearly ingests and acts on untrusted public third-party content.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill exposes powerful actuation (sandboxed bash/PowerShell execution, browser automation, start/stop services, file I/O and self-evolving skill writing) and even includes explicit privileged commands (e.g., sudo chown/chmod) and service control patterns, so it can change system state and obtain/require elevated privileges.
Issues (3)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W013
MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata