map-your-market

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires the agent to include verbatim quotes and raw scraped signals in its outputs (and even echoes GITHUB_TOKEN in setup), so any secret tokens or credentials present in the collected data or environment would be reproduced verbatim and exfiltrated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and scripts/fetch.py explicitly fetch and ingest user-generated public content from Reddit (public JSON), Hacker News (Algolia API), GitHub Issues, G2 scraping, and Google Trends, and then instruct the agent to analyze those verbatim signals (top-60) to drive clustering and generate positioning/next actions, which meets all criteria for untrusted third-party content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches external data at runtime from APIs such as https://api.github.com which are injected as raw pain signals (GitHub issues, Reddit posts, HN items, G2 scrape results) and those fetched verbatim signals are then fed into the AI analysis prompts to directly control the agent's outputs, making this a required runtime dependency.