s3-explore

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This prompt instructs the agent to generate SQL "CREATE SECRET" statements that include KEY_ID/SECRET/ENDPOINT values inline (and to ask users for credentials), which forces the LLM to emit secret values verbatim and enables exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and previews content from arbitrary S3/R2/GCS/MinIO URLs (see SKILL.md Step 2: listing via read_blob('/*') and previews with DESCRIBE / SELECT ... FROM '' LIMIT 20), so untrusted public or user-provided object storage data is ingested and used to drive queries and agent decisions.