research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs calling get-auth-token, extracting the api_key, and exporting it via an export command (export VP_API_KEY="<api_key>"), which requires embedding the secret verbatim in shell commands/output and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly ingests third‑party user content (e.g., LinkedIn URLs and the "linkedin_posts" / "profiles" enrichments and website_traffic/bombora intent in Steps 3, 4 and 6) so the agent will fetch and interpret untrusted public social/web content that can influence follow-up actions.