agentic-top-10

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs scanning for credentials (grep patterns like "api_key|secret|password|token") and to document evidence/code snippets as findings, which can require the agent to read and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the assessor to use the public fabraix/playground GitHub exploit library (https://github.com/fabraix/playground) as a hands-on tool for testing AG01–AG10, which requires fetching and interpreting untrusted, user-generated third‑party content as part of the required assessment workflow.