serp-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes a curl example that embeds an API key as a URL parameter ({key}) and instructs using SerpAPI, which would require the LLM to place a secret verbatim into generated commands/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and examples explicitly instruct querying Google via web_fetch or SerpAPI (see "Workflow" step 2 and the AI Overview curl/SerpAPI snippet), fetching open web search results and linked pages that the agent must read and analyze, which are untrusted third-party sources that could contain injected instructions.