flight-schedules

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires inserting the raw Aviationstack API key directly into generated SQL (SECRET_STRING = '{API_KEY}'), which forces the LLM to handle/output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow calls Aviationstack’s REST API from the Python Snowflake procedure (PROC_INGEST_FLIGHT_SCHEDULE via requests.get(...)), then ingests the returned JSON into HELPER_FLIGHT_SCHEDULE_RAW as RAW_JSON (outsider-authored free-form content from a public third-party web API).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs creating network rules, an account-level EAI/integration, storing secrets, creating procedures and scheduled tasks — all privileged, state-changing operations on the database/account that modify the machine/environment.