find-engineering-firm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read bearer tokens from the environment or .env files, insert "Authorization: Bearer " on authenticated requests, and even surface the OTP-issued token to the user ("The token is shown once"), which requires handling and may output secret values verbatim — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and consumes firm profiles from the third-party ServiceGraph API (e.g., GET /v1/search and GET /v1/get on https://api.servicegraph.co), and those returned public/untrusted firm data (urls, social/contact fields, credentials) are read and used to drive shortlisting and follow‑up actions, which could allow indirect prompt-injection via malicious third-party content.