configure

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks for a webhook URL and instructs the agent to inject that URL into shell commands (npm run ... ) and save it verbatim into config files, which requires the LLM to handle and output potentially secret values directly and risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables and configures external MCP servers (notably the Tavily MCP) in SKILL.md Step 5 and references/mcp-config.md, and lists agents/skills (e.g., web-research-analyst, market-intelligence, web-research-workflow) that call tavily_search/tavily_extract to fetch and extract content from arbitrary web URLs, meaning untrusted third-party pages are ingested and can influence agent actions—allowing indirect prompt injection.