invoice-capture-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly requires extracting and routing banking/payment details (account numbers, routing numbers, payment instructions) and presenting/exporting extracted fields for review or ERP posting, which would require the LLM/agent to handle and potentially output sensitive secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes untrusted, user-generated third-party content — e.g., "Step 1: Ingest invoices from all channels: email attachments, EDI/XML feeds, supplier portal submissions, scanned paper, e-invoicing networks" and then "Step 3: Data Extraction" and subsequent routing/ERP posting — meaning external invoice content is read and directly drives validation, routing, and posting decisions.