researchers-primary-source

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires preserving and outputting exact quotes from primary sources (including leaked emails or chat logs), which could force the model to reproduce secret values verbatim if those appear in the sources.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and DIRECT_SOURCES.md explicitly instruct the agent to fetch and quote public, user-generated content (e.g., Twitter/X via twitter.com/[username], Reddit via reddit.com/user/[username], forum posts, archive.org snapshots) and to use those quotes and voice analyses to drive research outputs and lyrical/narrative decisions, which clearly exposes the agent to untrusted third-party content that can influence subsequent actions.