performing-dark-web-monitoring-for-threats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes code that embeds an API key directly in an HTTP request header (e.g., "hibp-api-key": "YOUR_HIBP_KEY") and instructs use of commercial monitoring APIs, which encourages requesting and inserting secret values verbatim into generated requests/code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts (SKILL.md, scripts/process.py, scripts/agent.py) explicitly fetch and parse open/public third‑party, user‑generated sources — e.g., .onion paste sites via Tor, HaveIBeenPwned API, the Ransomwatch posts.json on raw.githubusercontent.com, URLhaus and BreachDirectory — and then use those results to generate alerts/reports and trigger incident‑response recommendations, so untrusted content can materially influence agent actions.