kelet-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to paste secret keys (e.g., KELET_API_KEY/sk-kelet-...) and to run/create evaluators via API calls (including printing the pre-curl message and invoking the Primary API call), which requires the LLM to receive and embed secret values verbatim in requests/commands — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly tells the agent to "Fetch live docs before writing code" from public URLs (https://docs-ai.kelet.ai/chat?q=... and https://kelet.ai/docs/llms.txt), so the agent will fetch and interpret third‑party web content as part of its flow, allowing that content to influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching live docs at runtime (e.g., GET https://docs-ai.kelet.ai/chat?q= and/or https://kelet.ai/docs/llms.txt) to guide code/instruction generation, so external content would directly control the agent's outputs.