next-bulk-fulfill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to provide an API key and shows/uses the key inline in curl commands and in the generated Python script Authorization header, which requires the LLM to handle and output the secret value verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests user-provided CSV files and queries the merchant's public store API (https://{subdomain}.29next.store/api/admin) as part of its required workflow, and it parses those responses to select fulfillment order IDs and decide whether to perform POSTs — meaning untrusted third-party content is read and can materially affect actions.