app-rejection-recovery
Fail
Audited by Snyk on May 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The playbook explicitly instructs providing demo account credentials (username/password) verbatim in the Resolution Center response and to always include demo creds, which encourages the agent to request and emit plaintext passwords/credentials in its output.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's Initial Assessment explicitly requires the user to "paste the full rejection message verbatim" (i.e., the App Store / Play Store reviewer message), which is third-party content the agent must read and interpret to decide fixes and next actions, creating an avenue for indirect prompt injection.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata