enterprise-account-research
Fail
Audited by Snyk on Apr 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to embed a user-supplied verification code verbatim into shell commands (bash "$SIGNUP" verify "<user_email>" ""), which requires outputting a secret value directly and creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly calls the OpenFunnel API to fetch "hiring posts, social activity, and team-mapped contacts" (e.g., /api/v1/signal/get-signal-list and deep enrichment that scans for hiring posts/social signals and returns signal contexts and source_url) — these are untrusted, public/user-generated third-party sources that the agent reads and uses to drive decisions and next actions.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata