heyreach-connect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to ask the user to paste their HeyReach API key (and save it to .env), which requires the LLM to receive sensitive secret values in-chat and thus creates a high exfiltration risk even if scripts themselves read .env.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly calls the HeyReach API (e.g., scripts like get_conversations.py, get_leads.py, list_campaigns.py against https://app.heyreach.io) and ingests user-generated leads/conversation/campaign data from that third-party service, which could contain untrusted content and enable indirect prompt injection.