modal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains examples that embed secrets directly into commands (e.g., export MODAL_TOKEN_SECRET= and modal secret create my-api-keys API_KEY=sk-xxx), which encourages or requires placing actual secret values verbatim into CLI commands or generated output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs scraping arbitrary public URLs (e.g., the "Web Scraping at Scale" example in references/examples.md which calls httpx.get(url) and parses response.text) and SKILL.md lists "scraping" as a primary use, so the agent will fetch and interpret untrusted third-party web content as part of its workflow.