skill-lookup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to retrieve, present, and save full file contents (including scripts and config files) verbatim, which could require emitting any secret values embedded in those files and thus enables secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill calls the prompts.chat MCP server tools (search_skills and get_skill) to retrieve full skill packages including SKILL.md, scripts, and config files authored by external users, so untrusted user-generated content from those third-party skill pages would be ingested and could influence agent actions (e.g., installation and execution) at runtime.