train-complex-blackbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for an API key and to accept/pass an "api-key" and "base-url" as command-line arguments or subprocess inputs (i.e., embed them in commands/process execution), which requires including secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's agent_roll.py explicitly loads training items via RouterTaskReader with reader_type="huggingface_dat_repo" (e.g., dataset_path like "openai/gsm8k" or a huggingface repo) so it ingests public Hugging Face dataset content which the agent reads and uses to drive execution and reward decisions, exposing it to untrusted third-party input.