craftsman-agent-skills

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes an explicit demo API key value (BETA_TEST_KEY_MARCH_2026) and shows the API key passed in the request URL (onekey=YOUR_API_KEY), which encourages embedding key values verbatim in requests/commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) and provided scripts call the external OneKey Router at https://agent.deepnlp.org/agent_router and accept/refers to arbitrary ref_image_url inputs and the router's JSON outputs (assembly_step_image, inventory_list, etc.), meaning the agent ingests and acts on third-party-hosted, potentially user-supplied content that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts make runtime POST requests to https://agent.deepnlp.org/agent_router which returns generated build plans and step-by-step instructions that are directly used as the agent's outputs (i.e., the remote service controls the instructions) and the skill depends on that endpoint (or the demo key) to function.