302ai-api-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the assistant to ask the user for their 302.AI API key and to embed that key verbatim into generated code and request headers (e.g., API_KEY = "{user_API_KEY}", "Authorization: Bearer ..."), which requires the LLM to handle and output secrets directly, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Steps 3 and 6) requires auto-fetching the public API list (e.g., https://doc.302.ai/llms.txt via scripts.parse_api_list.fetch_llms_txt) and using WebFetch to retrieve user-selected API documentation URLs to extract endpoints/parameters that the agent will act on, so arbitrary public documentation can directly influence generated code and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs at runtime to fetch the API list and per-API documentation (e.g., https://doc.302.ai/llms.txt and per-doc links like https://doc.302.ai/147522039e0.md via the parse script/WebFetch) and then directly uses that fetched content to extract instructions and generate integration code, so these URLs are required runtime dependencies that control the agent's prompts and output.