anygen-financial-research

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill includes an explicit CLI example that embeds an API key as a command argument (python3 scripts/anygen.py config set api_key "sk-xxx"). It also requires prompting the user for an API key, which encourages collecting and potentially echoing the secret verbatim (an exfiltration risk), even though safer env-var patterns are also mentioned.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill sends user prompts (and uploaded files) to the AnyGen API and explicitly states that it uses publicly available data (e.g., Bloomberg, Yahoo Finance, company filings). It then requires the agent to read and directly present or use the prepare API's returned "reply" and "suggested_task_params"/prompt (SKILL.md phases 1–3), so untrusted third-party content ingested server-side can materially influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to the AnyGen OpenAPI at https://www.anygen.io (API_BASE), which returns suggested_task_params/reply values used as prompts/instructions for the agent. The skill requires this external service (ANYGEN_API_KEY) to function, so remote content directly controls agent prompts.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 04:48 AM
Issues: 3