airtable-connect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to paste their Airtable Personal Access Token (pat.*) and to "write directly to .env" (and shows examples where the PAT is pasted and handled), which requires the LLM to receive and emit the secret value verbatim—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically queries and caches records and schemas from third-party Airtable workspaces (via scripts like discover_bases.py and query_records.py and the cached context file 01-memory/integrations/airtable-bases.yaml), thereby ingesting and displaying user-generated/untrusted Airtable content as part of its workflow.