knowledge-research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds explicit Basic auth credentials (cm9vdDpyb290 → root:root) for accessing the DB endpoint, which would require the agent to include that secret verbatim in requests or example commands, posing a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill queries a SurrealDB-backed knowledge base containing public third-party content (ArXiv papers, StackOverflow Q&A, GitHub repos) via the provided http://localhost:8000/sql endpoint and SQL functions (e.g., SELECT from knowledge, chat_message, paper), so the agent will read and act on untrusted user-generated web content as part of its workflow.