ima-knowledge-base

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells users to copy client_id and api_key and provide them to CountBot so the agent will embed those secret values into config.json, meaning the LLM would need to handle and output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly imports and indexes arbitrary web pages (media_type=2 / import_urls via POST openapi/wiki/v1/import_urls, see command_import_url in scripts/ima_tool.py and SKILL.md) and also reads/searches knowledge-base items (highlight_content returned by search_knowledge) and uses those excerpts to rank/select hits and drive follow-up searches/inspection (e.g., choose_preferred_hit, build_enriched_hit_context, select_best_hit_excerpt), so untrusted public webpage/user-generated content can influence tool behavior and next actions.