find-seo-agency
Fail
Audited by Snyk on May 8, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to obtain and use bearer tokens (from env/.env or via an OTP flow) and to display the newly issued token to the user (e.g., "Save this as SERVICEGRAPH_TOKEN=…"), which requires handling and outputting secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains explicit instructions to search local shell environment and project dotenv files for a SERVICEGRAPH_TOKEN and to "use it; don't ask", which constitutes deliberate credential access/stealthy use (credential theft/data-exfiltration) even though the rest of the API usage is legitimate.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly drives the external ServiceGraph API (https://api.servicegraph.co) — calling /v1/explore, /v1/search, and /v1/get as part of its required workflow in SKILL.md — and reads those third‑party firm records (descriptions, metadata, contact info) which the agent then uses to decide which firms to shortlist and which follow-up requests to make, creating a clear vector for untrusted content to influence actions.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).