omero-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's example code and instructions explicitly embed usernames/passwords (e.g., BlitzGateway("username","password")) and require supplying OMERO credentials, which encourages the agent to accept and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to connect to an arbitrary OMERO server (host provided by the user) and to read user-generated data such as TagAnnotation/MapAnnotation and image lists (e.g., "Find images with a specific tag", image.listAnnotations(), conn.getObjects("TagAnnotation", ...)), and those annotations/tags are ingested and used to select or drive processing, so untrusted third-party content can materially influence agent actions.