SafeAI-Global PRD Agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to "present all detected PII instances to the user" (and to persist user-injected rules into session/file storage), which requires echoing raw sensitive values verbatim before masking—creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests user-provided, untrusted rules via the /safeai inject [Rule Name]: [Rule Content] flow and scans the knowledge/custom/ directory (Step 1 and the /safeai inject description in SKILL.md), and those custom rules are given highest priority and can override or change the agent's behavior—creating a clear vector for indirect prompt injection.