omero-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's code examples and prerequisites explicitly show passing host/username/password strings directly into BlitzGateway calls and describe needing server credentials, which encourages embedding secrets verbatim in generated code or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to arbitrary OMERO servers via BlitzGateway (host/port in SKILL.md Quick Start and Module 1) and reads user-generated content — images, tags, MapAnnotations, and ROIs (see Module 3, Module 4, Module 5 and the Common Workflows) which the agent ingests and uses to drive processing and exports, so untrusted third-party content could indirectly influence actions.