smart-search-cli
Fail
Audited by Snyk on May 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to accept user-provided API keys and embed them verbatim in CLI commands (e.g., smart-search config set OPENAI_COMPATIBLE_API_KEY "key" or --tavily-key "key"), which forces the LLM to handle and output secrets directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run web-facing CLI commands that fetch and ingest public third‑party content (e.g., smart-search search, exa-search, zhipu-search, and especially smart-search fetch "https://example.com" and the Deep Research "fetch_before_claim" steps in SKILL.md) so the agent reads/relies on untrusted web pages (Tavily/Firecrawl/Zhipu/Exa and arbitrary URLs) to form claims and next actions, which could enable indirect prompt injection.
Issues (2)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).