discover

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to create Persona artifacts that include plaintext password fields (e.g., "password": "SecureTest123!") and to perform auth flows, which requires embedding or outputting credentials verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Step 2B ("Explore Live App") instructs the agent to navigate to and explore a running URL (e.g., "Go To ") and to read/act on that live app's content to create features and drive next actions, which clearly ingests untrusted third-party web content as part of its workflow.