bdistill-operationalize

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill accepts an api_key input and explicitly describes doing HTTP GETs "with api_key" (and other keyed endpoints like gnews), which implies the agent will need to embed secret API keys/tokens into generated requests or code rather than keeping them only in runtime-managed env/config — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets open/public third-party data (notably SKILL.md's "json-url" data_source and scripts/rules_monitor.py's fetch_json_url which HTTP GETs params["url"], plus other public APIs in references/api-catalog.md), and that untrusted JSON is parsed and used to map rule conditions and drive triggering/decisions—so external content can materially influence agent behavior.