quant-buddy-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly asks users to paste API keys (sk-... ), instructs the agent to extract the full key from messages and write it into config.json and then automatically reuse it, which requires handling secret values verbatim and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes an event‑study flow that explicitly performs web/news searches via the Bocha web-search API (see recipes/event-study-formulas.md Step D2 and references/scripts-audit.md noting scripts/event_study_local.py calling https://api.bochaai.com/v1/web-search), so it ingests untrusted third‑party content (news/web results) which the agent reads and uses to pick event dates and drive downstream formula execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The bundled scripts (scripts/self_update.py and related SKILL.md entries) explicitly allow downloading and installing a remote zip via a provided zip_url / github_zip_skill_path at runtime (the "zip_url" / GitHub zip path), which would replace skill files and thus can deliver and execute remote code—this is a runtime external dependency that can control agent behavior.