paragraph-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and instructions explicitly show embedding API keys (e.g., Bearer tokens in curl headers and passing apiKey into the SDK constructor), which would require the LLM to include secret values verbatim when producing runnable commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls public Paragraph API endpoints (e.g., GET /v1/posts, /v1/posts/slug/, /v1/publications//posts?includeContent=true and the /discover/search endpoints) which ingest user-generated/public content from paragraph.com that the agent is expected to read and that could materially influence actions like publishing, scheduling, or sending newsletters.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit crypto transaction capabilities: the "Coins" section provides price quotes and explicit buy/sell operations (SDK methods api.coins.buy / api.coins.sell and REST endpoints /coins/buy and /coins/sell). The SDK examples require a viem WalletClient and Account (i.e., signing/on‑chain transaction execution). These are specific, purpose-built financial operations (crypto wallet transactions), not generic API or browser automation, so it grants direct financial execution authority.