social-posts

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt both uses the safer pattern of reading GEMINI_API_KEY from the environment but includes explicit code and instructions that append that key into request/download URLs and example commands (e.g., ?key={api_key} and &key=API_KEY), which would require exposing secret values verbatim in generated requests/outputs if executed or printed, so it poses a significant exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required "Before Starting" step 5 instructs the agent to check "published articles / reference material" (e.g., articles listed in product-marketing-context.md) and to use them as source material for post angles, which implies fetching/reading public blog posts (dev.to or other external URLs) whose user-generated/untrusted content would directly influence copy and posting decisions.