agent-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs generating and executing exact veris env vars set commands (and to run them if the user supplies values), which requires the LLM to accept and embed secret API keys/passwords verbatim in CLI output or actions, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 2 "Web search and scraping" and related sections explicitly acknowledge and allow "real egress" for agents that call search APIs or fetch live URLs (classifying such dependencies as "Allow real egress" and warning about nondeterminism), which shows the integrated agent is expected to ingest untrusted public web content as part of its workflow and could therefore be susceptible to indirect prompt injection.