kuroco-webhook-processing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples show API keys, bearer tokens, GitHub tokens, and a Slack webhook URL being placed inline in headers/parameters (e.g., "Bearer YOUR_API_KEY", webhook_url="https://hooks.slack.com/services/xxx/yyy/zzz", "token YOUR_GITHUB_TOKEN"), which instructs the agent to embed secret values verbatim in generated output and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows {api_request url='https://api.example.com/endpoint'} and GitHub/Slack webhook examples where the agent assigns the external response to vars (e.g., var='response' / $response.list) and then reads/iterates/conditions on that data to drive actions (logs, slack_send, GitHub dispatch), meaning it ingests untrusted third‑party API/web content as part of its workflow and that content can materially influence subsequent tool use.