prompt-injection-guard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs the agent to write and surface full content excerpts from untrusted external sources (including logging them to disk and telling the user), which can cause any embedded API keys, tokens, or passwords to be output verbatim and thus exfiltrated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests external, untrusted content (web pages, emails, scraped pages, shared docs and file contents) as part of its workflow — see SKILL.md "When to invoke" and the example walkthrough (curl https://example.com/page | python3 guard.py) — so the agent will read third‑party content that can materially influence whether it proceeds, warns, or blocks.