one-actions

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires retrieving and then inserting connection keys (secret connection identifiers) directly into generated execute commands and JSON, which forces the LLM to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests documentation and runtime data from connected third-party platforms (see SKILL.md "Get Action Knowledge" and "Execute Action" steps for Gmail, Slack, HubSpot, Shopify, etc.), and the agent is expected to read and act on that untrusted/user-generated API content when building and executing requests, which could allow indirect prompt injection.