amz-brand-analytics

Fail

Audited by Snyk on May 27, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-provided Brand Analytics exports ("the user pastes the report data" / SKILL.md Step 1) and requires the agent to read and act on that untrusted, user-generated data to produce diagnoses and actions, so third-party content could influence decisions and enable indirect prompt injection.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a literal WhatsApp invite URL: https://chat.whatsapp.com/ILX65p1yWcaIG3c9WGHpTY. That path portion (ILX65p1yWcaIG3c9WGHpTY) is a high-entropy join token that directly grants access to the group, so it functions like a bearer credential. It is not a placeholder, setup password, or truncated value — it appears to be an active, usable secret. Recommend removing or replacing with a placeholder and rotating/invalidating the invite link if exposure is a concern.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: May 27, 2026, 02:07 AM
  • Issues: 2