doc-testing

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requires generating and echoing full JSON test specs (including "type": {"keys": "..."}) and running shell commands that write those specs to disk and show validator output, which forces any embedded secrets (passwords, API keys, cookies) to appear verbatim in the agent's output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) explicitly generates and executes Doc Detective test specs that navigate to and inspect public URLs using actions like "goTo", "find", "httpRequest" (examples include https://duckduckgo.com and https://doc-detective.com), so the agent will fetch and interpret untrusted third‑party web content as part of its operation, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's execution instructions explicitly call external runtimes that fetch and execute remote code at runtime—e.g., "docker run docdetective/doc-detective:latest" (Docker Hub image) and "npx doc-detective" which pulls packages from the npm registry (https://registry.npmjs.org) — both are runtime external dependencies that would execute remote code.

Audit Metadata

Risk Level: HIGH

Analyzed: Feb 27, 2026, 06:55 AM