rico-resource-article

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to prompt for API keys, accept user-entered keys, save them into .env and use them for screenshot API requests—forcing the model to receive and handle secret values (and potentially embed them verbatim), which is a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and verify content from public third‑party sources (e.g., "Visit GitHub page → Get Stars, Forks, Contributors", "Visit official site → Get component counts", NPM pages, and to capture pages via ScreenshotOne/urlscan.io in Step 1 and the screenshot process), so the agent ingests untrusted user-generated/public web content that can materially influence recommendations and follow‑on actions.