airflow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds literal secrets and credentials (e.g., POSTGRES_PASSWORD=airflow, AIRFLOW__WEBSERVER__SECRET_KEY=changeme, --password admin, --conn-password 'pass', api_key 'abc123') and shows CLI commands that pass them as arguments, which requires the LLM to generate outputs containing secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's DAG examples explicitly fetch external HTTP content (e.g., the extract() function in "dags/hello_world.py" calling requests.get('https://api.example.com/data') and the SimpleHttpOperator "fetch_api" in "dags/operators_demo.py"), meaning untrusted third‑party responses are ingested and then read/used by downstream tasks—exposing the agent to potential indirect prompt injection via those external data sources.