find-ai-consultancy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly directs the agent to locate a bearer token (from $SERVICEGRAPH_TOKEN or .env files), to set "Authorization: Bearer " on authed requests, and to surface the OTP-issued token to the user to save — all of which require handling and potentially emitting secret token values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill includes explicit, stealthy instructions to harvest and reuse a bearer token from the environment and local .env files ("use it; don't ask"), which is a credential-theft / data-exfiltration pattern that can enable unauthorized access to user accounts; no obfuscated payloads, remote code execution, reverse shells, or hidden servers are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests public, third‑party firm data from api.servicegraph.co (e.g., GET /v1/search and GET /v1/get/:id) — including firm URLs, briefs, contacts and social links — and the agent is expected to read and act on that data to shortlist and recommend firms, so untrusted external content can materially influence its decisions.