project-files

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to include an X-API-KEY header and to "read env vars" and then build/run curl requests, which can cause the agent to substitute and emit the actual API key (or any secrets returned in JSON) verbatim in its output — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and displays user-provided project files (via the prepare → upload_url/s3_key → download-url flow) and explicitly instructs the agent to render images and pass file identifiers/s3_keys into downstream generation (see "Agent behavior" and "Workflow B"), which means untrusted third-party content can be read and influence subsequent actions.