cocoindex

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask users for API key values and to use real API keys (and shows .env and example places where keys would be inserted), which requires the LLM to accept and potentially emit secret values verbatim — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests external, potentially user-generated content (e.g., cocoindex.sources.AmazonS3 and Google Drive sources and the FetchEnrichmentDataExecutor that calls arbitrary spec.api_endpoint) and then feeds that untrusted content into LLM-driven transforms like ExtractByLlm, so the agent will read/interpret third‑party data and could be exposed to indirect prompt injection.