ce-proof

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs extracting access tokens from URLs and embedding them into API requests/headers (e.g., x-share-token / Authorization: Bearer / curl examples), which would require the agent to handle and potentially output secret values verbatim unless mitigated by runtime-only variables—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-generated content from Proof (e.g., Phase 2.1 "GET /api/agent/{slug}/state" from https://www.proofeditor.ai which returns markdown and human-authored "marks") and the HITL workflow (Phase 2.3/2.4 in references/hitl-review.md and SKILL.md) requires the agent to interpret those human comments and then decide and perform edits/operations, so untrusted third-party text can directly influence agent actions.