agentix-ceo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's API examples and steps require embedding API keys/tokens verbatim in requests and payloads (e.g., Authorization: Bearer , PATCH { "anthropicApiKey": "sk-ant-..." }), forcing the agent to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to "Read the playbook before acting" by fetching team playbooks and templates from the Agentix API (GET $AGENTIX_API/teams/TEAM_ID/playbook and GET $AGENTIX_API/playbook-templates/), which can contain user-editable/custom policies and thus untrusted third-party content that directly governs agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches the team playbook at runtime via GET $AGENTIX_API/teams/TEAM_ID/playbook (with $AGENTIX_API defaulting to https://agentix.cloud), and that fetched playbook directly governs agent behavior and prompts, making the external URL a runtime source of instructions.