database-lookup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read API keys from the environment or a .env file (including examples like echo $FRED_API_KEY and loading keys into curl requests), which requires the LLM to handle and embed secret values verbatim in generated commands/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to query 78 public third‑party databases via REST APIs (e.g., PubChem, GEO, ClinicalTrials.gov, Addgene) and to read/interpret and act on the returned raw JSON as part of its core workflow, which clearly ingests open/public third‑party content that could carry indirect prompt injection.