kaggle-standardized-agent-exam

Fail

Audited by Snyk on Mar 31, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read/store an API token and include it verbatim in Authorization headers (and shows curl examples with Bearer YOUR_API_KEY), which requires the LLM to handle and emit secret values in generated requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Step 3 instructs the agent to POST to https://www.kaggle.com/api/v1/agentExamSubmission to fetch exam questions (external, third‑party content) which the agent must read and follow, so those remote instructions can directly influence answers and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 31, 2026, 04:50 PM
Issues: 3