building-nango-functions-remotely

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires resolving and supplying the NANGO_SECRET_KEY and explicitly instructs sending Authorization: Bearer <NANGO_SECRET_KEY> to remote endpoints, which forces the agent to handle and embed the secret verbatim in requests/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and reference files (SKILL.md + references/actions.md and references/syncs.md) explicitly instruct the agent to call external provider APIs (e.g., nango.get / nango.paginate against provider endpoints like "/v1/contacts"), inspect provider docs and payloads, and use those remote responses to drive checkpointing, saves/deletes, dryrun/compile decisions, which means untrusted third-party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires calling the NANGO remote-function endpoints resolved from NANGO_SERVER_URL (fallback https://api.nango.dev) — e.g., POST {host}/remote-function/compile, /remote-function/dryrun, /remote-function/deploy — which execute/compile submitted TypeScript remotely, so this is a runtime external dependency that executes code.