ops-integrate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to paste API credentials into the agent (AskUserQuestion) and then injects that credential into storage and curl commands (jq --arg v "$CREDENTIAL" and curl with Authorization/X-Api-Key/-u), which requires the agent/LLM to handle and could expose the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's onboarding Step 1 explicitly uses "WebSearch" to discover official API docs, base URLs, and auth patterns from public websites (third-party docs), which the agent then reads and uses to determine auth, endpoints, and follow-up actions—exposing it to untrusted web content that can influence behavior.