read-file

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user for HMAC key ID/secret (and to substitute ${HMAC_KEY_ID}/${HMAC_SECRET} and similar values into SQL/console commands persisted to state.sql), which requires including secret values verbatim in generated output and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and resolves remote HTTPS/S3/GCS/Azure URIs (Step 1) and then reads/parses those arbitrary remote files with the read_any macro and DuckDB commands (Step 4), so untrusted third‑party file content can be ingested and influence analysis and subsequent actions.