web-research-assistant
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to request the BrowserAct API key from the user if the BROWSERACT_API_KEY env var is not set. The model would therefore receive a secret that it must use in API requests and that it could output verbatim, which creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly calls BrowserAct MCP to search and extract content from arbitrary public web pages (see scripts/research.py → execute_web_search posting to https://mcp.browseract.com/ and SKILL.md "Global Search" / "Aggregates data from multiple search results"), then parses titles/snippets/URLs into summaries and recommendations, so untrusted third‑party content is read and can materially influence actions.