secondme

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires reading a local credentials file and "use the resulting accessToken as the Bearer token for all authenticated requests below," which forces the agent to handle and place the secret verbatim into Authorization headers/requests (creating an exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The Third-Party Skills workflow (references/third-party-skills.md) explicitly fetches and installs server-returned generatedSkillFiles — including SKILL.md, prompt.md, and prompt_short.md — and instructs the agent to persist them verbatim into the local skill root, which clearly ingests untrusted third‑party developer content that can contain prompt injections and materially influence later tool execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). At runtime the skill fetches third‑party skill bundles (including prompt.md / prompt_short.md) from https://app.mindos.com/gate/lab/api/secondme/extensions/detail/{skill_key} and writes/installs those files locally, so remote content can directly control agent prompts and is a required dependency.