heyreach

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to prompt the user for their HeyReach API key and then insert that key into a .env entry (HEYREACH_API_KEY=...), which requires the LLM to receive and potentially emit the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the HeyReach API and associated scripts (e.g., get_conversations.py, get_leads.py, list_campaigns.py and add_leads.py) to fetch LinkedIn campaigns, leads, and message threads — i.e., user-generated social-media content from third-party sources — which the agent is expected to read and interpret as part of its workflow.