tax-filing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires collecting and inserting sensitive values (SSNs, bank routing/account numbers, direct-deposit info) directly into filled PDF forms and fill scripts, which forces the agent to include secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and parse year-specific data and blank PDF forms from public websites (e.g., "Research from IRS.gov and FTB.ca.gov" in Step 3 and the IRS/FTB download URLs in Step 7), and those external pages are read and used to compute tax values and drive form-filling, so third-party content can materially influence tool behavior.