demo-builder

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the user to provide "Any API keys or credentials I should use" and later requires generating runnable demo artifacts and example curl/endpoint usage that would embed those credentials verbatim in code/commands/reports, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 and Phase 5 workflows explicitly require fetching and interpreting public third‑party content (company websites, job postings, GitHub orgs, LinkedIn, news, and community/forum "signal" posts) and uses those findings to decide demo concepts, build actions, and competitor claims, so untrusted user-generated web content could materially influence the agent's behavior.