moltbook-premium-data-splitting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs replacing the license placeholder with the generated license and running a curl command that embeds that license value verbatim, which requires the agent to output a secret-like token directly and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to browse and fetch Moltbook posts and comments (e.g., "Browse Hot Posts" and the GET /posts and GET /posts/{id}/comments API endpoints), which are untrusted, user-generated third-party content that the agent reads and can act on, enabling indirect prompt injection.