cook-the-blog

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Because the workflow explicitly requires embedding API keys, repo/email credentials, and an App Password into commands/scripts (e.g., export SERPAPI_KEY="...", constructing git/HTTP auth or an smtplib script with an App Password), the LLM would be forced to include secret values verbatim in its output, creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.95). The skill is high-risk: it explicitly instructs the agent to solicit and use many sensitive credentials (service-account.json, API keys, SMTP app password, repo creds), to push content into arbitrary target repos/buckets, and to email a final report—patterns that enable credential harvesting and straightforward data exfiltration and remote modification of user resources (with additional supply-chain risk via installing external CLI/packages).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md and README explicitly instruct the agent to perform "deep research" using the Tavily tool and standard web searches (including Reddit and other forums) and to ingest SerpApi/Google Trends outputs, meaning it will fetch and interpret untrusted, user-generated third‑party web content that can materially influence its writing, tooling, and publishing decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires adding and loading the external "Stop Slop" GitHub skill at runtime (https://github.com/hardikpandya/stop-slop), which will be fetched and used to control the agent's output/behavior, and the pipeline lists it as a required dependency for enforcing writing rules.