colosseum-copilot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for a Colosseum PAT and explicitly embed that token into saved config and into curl commands (replace TOKEN_VALUE / "Authorization: Bearer TOKEN_VALUE"), which requires the LLM to handle and output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly calls Colosseum Copilot API endpoints (e.g., POST /search/projects, GET /projects/by-slug/{slug}, POST /search/archives, GET /archives/{documentId}) to ingest project descriptions, team links, and archive documents from public/user-contributed sources and then uses that content to drive search, gap analysis, and recommendations, so untrusted third-party content can materially influence agent actions.