spot-competitor-sales-activity

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for a 6-digit verification code and then run a shell command embedding that code verbatim (bash "$SIGNUP" verify "<user_email>" ""), which requires the LLM to include a sensitive secret value directly in its generated command output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly takes competitor LinkedIn profile URLs and calls the third-party OpenFunnel API (e.g., bash "$API" POST to https://api.openfunnel.dev) to ingest and present LinkedIn activity/accounts (user-generated public content) which the agent reads and uses to decide deployments and next actions, creating a clear path for indirect prompt-injection via those external signals.