ai-searching-docs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes multiple code examples that embed API keys/secrets directly as string literals (e.g., OpenAIEmbeddingFunction(api_key="..."), PineconeRetriever(..., api_key="...")), which encourages placing secret values verbatim in code/outputs and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and examples.md explicitly show loading and retrieving content from public web sources (e.g., LangChain's WebBaseLoader "https://example.com/help" and the ColBERTv2 URL in examples.md) and then feeding those retrieved passages into the model to generate answers, so untrusted third-party content is ingested and can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The examples include a concrete runtime fetch to a ColBERTv2 endpoint (http://20.102.90.50:2017/wiki17_abstracts) which, if the sample is run, returns passages that are injected into the model context and therefore can directly control agent outputs.