agentos-api-workflows

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example that injects an Authorization header with a bearer token literal ("Bearer your-jwt-token"), which encourages embedding secret values verbatim in generated code/requests and thus presents an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s CLI and client code (scripts/run_workflows.py and SKILL.md) call AgentOSClient against an arbitrary --base-url (e.g., remote AgentOS servers) and explicitly ingest/stream RunContent and workflow responses via run_workflow/run_workflow_stream, meaning it fetches and processes untrusted third-party workflow content that could contain instructions affecting subsequent behavior.