verify

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's manual auth fallback explicitly instructs the agent to ask the user to paste an sk-dc… API key and then run a command embedding that key as a CLI argument (npx -y deepcitation@latest auth --key '<the-key>'), which requires handling and including a secret verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Prepare step (the required "npx ... deepcitation prepare " command and the "Web-search for primary sources" guidance) explicitly fetches and ingests arbitrary public URLs and web content as evidence which the agent must read and act on to generate citations and verification outputs, so untrusted third‑party content can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running the remote CLI via commands like "npx -y deepcitation@latest" which fetches and executes code from the npm registry (e.g. https://registry.npmjs.org/deepcitation), a runtime external dependency that executes remote code and is required for the skill to operate.