anysearch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to request, extract, and persist API keys by replacing the placeholder in the SKILL.md and embedding the key verbatim into Authorization headers and example commands, forcing the LLM to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs automatic collection, solicitation, and persistent in-file storage of user API keys (including auto-extraction from API responses) which enables credential capture and long-term exfiltration; no hidden exec/remote-shell or obfuscated payloads are present, but the deliberate credential-persistence/collection behavior is high-risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This SKILL.md explicitly instructs the agent to perform web searches and to call the "extract" tool to fetch full page content from arbitrary http(s) URLs (see "extract — Fetch URL" and Best Practices "Drill down with extract"), including domains like "ugc", so untrusted public web/user-generated content will be ingested and can materially influence decisions or follow-up actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly directs the agent to read and overwrite its SKILL.md file to persist API keys (writing sensitive credentials into a file and modifying the agent's files), which instructs the agent to modify the host filesystem and thus risks compromising machine state and credential persistence.