chase-travel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells agents to ask the user for the Chase SMS 2FA code and then write it into a file using a shell command like echo "12345678" > /tmp/chase-2fa-code.txt, which requires the LLM to handle and output the secret value verbatim (and also relies on user credentials passed as env vars), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically logs into and navigates the Chase travel portal (travelsecure.chase.com / ultimaterewardspoints.chase.com / secure.chase.com) and intercepts API responses and page text (see SKILL.md and scripts/search_flights.py and scripts/record_search.py) to parse flight/hotel data and toggle Points Boost, so it ingests third‑party web content that is read and acted on as part of the workflow and could therefore carry instructions that influence subsequent actions.