persona-dataset

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill ingests and stores verbatim source text, directs the agent to read MemPalace content and produce L1 (direct quote) evidence and to export raw sources into training/, so any secrets found in inputs (API keys, passwords, tokens) would be read and reproduced verbatim by the LLM, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated third‑party content — e.g., social archives like X/Twitter and Instagram (adapters/social.py and references/source-formats.md), chat exports (adapters/chat_export.py) and WebSearch (Tools section of SKILL.md) — stores it in MemPalace, and the agent is instructed to read that stored content to build/update the wiki (Phase 3 in SKILL.md), so external content can materially influence agent decisions and actions.