overleaf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs copying the Overleaf session cookie and embedding it directly in a command line (olcli auth --cookie "YOUR_SESSION_COOKIE"), which requires the LLM to include secret values verbatim in generated outputs/commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill uses olcli to pull and download Overleaf project files and compile outputs from overleaf.com (e.g., via olcli pull, olcli output), which are arbitrary user-generated third‑party contents that the agent would read and interpret.