google-news-api-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user to provide the BrowserAct API key "here" if the BROWSERACT_API_KEY env var is not set, which will cause the secret to be sent into the LLM context and likely used verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill queries and ingests live, public Google News content via the BrowserAct Google News workflow (TEMPLATE_ID in scripts/google_news_api.py) as described in SKILL.md and the script (scripts/google_news_api.py), so the agent will read untrusted third‑party news/article content that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to BrowserAct's API (https://api.browseract.com/v2/workflow) to launch a remote workflow template (TEMPLATE_ID) that executes automation on the provider side and is required (BROWSERACT_API_KEY), so external content is executing remote code the skill depends on.