blog-inboxmate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read local site files and "COPY EXACTLY" header/footer and JS into new HTML and then output/commit/push those files, which could force the LLM to reproduce any embedded API keys or other secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 3 explicitly instructs the agent to "Use WebSearch to research the latest developments" (public web content) and to use those findings to choose the topic and write the article, so untrusted third‑party material could be read and materially influence the agent's decisions and actions.