cmo-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs adding a user-provided GOOGLE_PSI_API_KEY as a --psi-key command-line argument (or otherwise embedding the provided API key), which requires the agent to include secret values verbatim in generated commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests open web content — it crawls arbitrary website URLs via scripts/site_audit.py and SKILL.md Step 2b and uses WebSearch/WebFetch to discover and read user-generated content on Reddit and Hacker News (see agents/reddit-scout.md and agents/hackernews-scout.md), and those findings are parsed and used to generate/post comments and submissions, which can enable indirect prompt injection.