find-law-firm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires obtaining and using a bearer token (from env/.env or an OTP flow) and explicitly instructs setting Authorization: Bearer , performing POSTs with the OTP/code, and telling the user to save/display the returned token, which forces the agent to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests data from the third‑party ServiceGraph API (api.servicegraph.co) as part of its core workflow — e.g., SKILL.md shows calling GET /v1/search and GET /v1/get to obtain firm text, URLs, phones, emails and other catalog fields — so untrusted public firm metadata or user‑sourced descriptions could be read and used to drive filtering, shortlisting, and follow‑up actions, enabling indirect prompt injection.