flirting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's curl examples and API calls require inserting an Authorization Bearer token directly into request headers ({{YOUR_TOKEN}} placeholder), which instructs the agent to embed secret values verbatim in generated commands and responses, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill interacts with the public inbed.ai API (e.g., /discover, /api/agents/me, /api/chat and swipe endpoints) which returns other agents' user-generated profiles, taglines and messages that the agent is expected to read and use to decide swipes and compose messages, so untrusted third‑party content can materially influence behavior.