dots

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user for an API key, persist it into dots.json, and generate/use curl commands that reference that key (and may embed it into created files/commands), which requires the LLM to handle and potentially output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill mandatorily fetches and treats space descriptions and label definitions from the Dots API (e.g., GET /api/workspaces/:ws/spaces and GET …/:sp/labels on https://dots.tallpizza.com) as authoritative guidance for how to create and structure nodes, which are user-editable/untrusted third-party contents that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses the default base URL https://dots.tallpizza.com at runtime to fetch space descriptions and label_defs (GET /api/workspaces... and GET …/:sp/labels), and those fetched descriptions are treated as authoritative instructions that directly control how the agent composes prompts and performs actions, making this a required runtime dependency that controls agent behavior.