migrate-bluejay

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to collect API keys (from arguments or by asking the user) and embed them directly into curl headers and requests (e.g., -H "X-API-Key: "), which requires the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from the external Bluejay API (e.g., "Step 1: Inventory" using endpoints like GET /v1/all-agents, /v1/custom-metrics, /v1/communities in references/bluejay-api.md), and that untrusted/user-generated Bluejay data (prompts, knowledge bases, custom metrics, community posts, digital-human scripts) is read and directly used to build prompts, metrics, personas, and run templates that materially influence subsequent API calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runtime fetches Bluejay prompt and knowledge-base content from https://api.getbluejay.ai (e.g., GET /v1/agents/{agent_id}/prompts?label=latest and /v1/agents/{agent_id}/knowledge-bases/versions?page_size=1) and directly injects that content into migrated Coval agent/persona prompts, meaning remote content controls agent instructions.