create-anyone

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to "keep original wording — do NOT paraphrase" and save raw source material verbatim into training/raw/, which forces the LLM to copy any user-provided secrets (API keys, tokens, passwords) into its outputs/files and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to perform WebSearch for public figures and fictional-character wikis and to Read user-provided social media archives and chat exports (Phase 3 and Tools sections), which the agent ingests and uses to build persona packs—i.e., untrusted third‑party/user‑generated content is fetched and interpreted at runtime and can change downstream actions.