protect-agent-with-policies

Fail

Audited by Snyk on May 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly requires a valid Bearer token and may ask for username/password or user-provided configuration values (which can include secrets) and instructs building/applying API request bodies/configurationData that embed those values, so the agent would need to handle and potentially include secret values verbatim in requests or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches agent assets and policy templates from Exchange (Step 2: getAssetsSearch and Step 8: getExchangePolicyTemplates), which can include user-published/untrusted content, and it parses the returned policyConfiguration schema and asset data to build configurationData and drive subsequent policy-application actions — enabling indirect instructions from third-party content to influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill makes a runtime call to the Exchange policy templates API (urn:api:api-portal-xapi — operation getExchangePolicyTemplates) and uses the returned policyConfiguration to build and drive the interactive prompts, so external content directly controls agent prompts and is a required dependency.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: May 18, 2026, 06:57 PM
  • Issues: 3