testing-agent

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to collect “ALL required credentials” from the user, present missing environment-variable export commands, and ask the user to provide API keys (i.e., secrets) in a single prompt, which requires the LLM to receive and potentially echo secret values verbatim — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's test runner (mcp__agent-builder__run_tests) and its test-generation guidance explicitly include tools such as web_search, web_scrape, Brave Search and Google Search, meaning tests can fetch untrusted public web or social/user-generated content and have the agent read it as part of execution.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:41 PM