building-chat-interfaces

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The MCP Authentication section injects the user's access_token into a system prompt and instructs the assistant to include that access_token verbatim when calling MCP tools, which forces secret values into the model's context/output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly extracts and injects page DOM and user-selected content from the hosting page via getPageContext/useChatKit (SKILL.md and references/chatkit-integration-patterns.md) into agent prompts/metadata, meaning untrusted third-party page content can be interpreted by the agent and influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill includes a Next.js Script that loads and requires the external runtime script https://cdn.platform.openai.com/deployments/chatkit/chatkit.js (executing remote code in the browser and providing required web components), so it pulls and runs external code at runtime.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 4, 2026, 06:36 AM