next-ops-scan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the user to create and supply a store Admin API token and even shows an export/CLI snippet where the token would be pasted, which means an agent could be prompted to collect or echo that secret verbatim (exfiltration risk), even though using environment variables is the intended safer pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow calls the skill’s bundled Python script, which fetches outsider-authored store data (orders/fulfillments) via the Admin API and then writes it into next_ops_scan_summary.md/CSV that the agent reads back into LLM context; this includes customer/order fields originating outside the operating user.