audn-agent-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask users for secrets (e.g., the phone verification code and potentially API keys) and then embed those values verbatim in JSON requests, which requires the LLM to handle/output secret values directly and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly contacts user-supplied external model endpoints during Text Agent Setup and Verification (e.g., the api_url and POST /api/agents/verify-text flows) and parses/uses the API responses (response_preview, response_path) as part of its workflow, which exposes it to untrusted third-party content that could embed instructions.