next-bulk-move

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly asks the user for an Admin API access token and instructs embedding it in Authorization headers and API requests, which requires the LLM to handle and output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directs the agent to fetch and parse untrusted third-party API content from the user-supplied store endpoints (e.g., GET {STORE}/api/admin/fulfillment-orders/ and GET {STORE}/api/admin/locations/), and those responses are read and used to decide/carry out cancellation and move actions, so external content can materially change behavior.