wren-dlt-connector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to ask the user for their API key/token and demonstrates embedding that key into an export command (export ...="the-actual-key"), which encourages the LLM to accept and reproduce secret values verbatim in generated commands — an explicit secret-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using dlt to fetch data from public SaaS APIs (see Phase 1 and references/dlt_sources.md listing HubSpot, Stripe, GitHub, Slack, etc.), and the scripts/introspect_dlt.py then reads the resulting DuckDB and uses that third-party/user-generated content to auto-generate models, run queries, and drive subsequent actions, so untrusted external content is ingested and can influence behavior.