openobserve-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and encourages embedding plaintext credentials into curl commands (e.g., -u "you@example.com:PASSWORD" and Authorization: Basic $TOKEN, AUTH="-u you@example.com:PASSWORD"), which requires the agent to accept and output secret values verbatim and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md "Retrieval First" section explicitly instructs the agent to fetch public GitHub docs and server source (e.g., via gh api repos/openobserve/openobserve-docs/... and gh api repos/openobserve/openobserve/...) and to use those live, third‑party files to shape API calls and behavior, so untrusted external content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime retrieval of remote repository content (e.g. via "gh api repos/openobserve/openobserve-docs/contents/..." and the GitHub repo URLs like https://github.com/openobserve/openobserve-docs and https://github.com/openobserve/openobserve) to drive authoritative behavior and prompt logic, meaning external content fetched at runtime can directly control the agent's instructions.