google-docs-md

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows using an OAuth bearer token in a curl Authorization header (curl -H "Authorization: Bearer ${TOKEN}"), which instructs embedding a secret value into generated commands and therefore requires the LLM to handle/output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs fetching and ingesting public Google Docs via the export URL pattern (https://docs.google.com/document/d/{DOC_ID}/export?format=md), which are untrusted, user-generated third‑party documents that the agent would read and could influence downstream actions.