list-building

Fail

Audited by Snyk on Mar 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly tells the agent to ask the user for their Extruct API token and to set it via an export command (export EXTRUCT_API_TOKEN=), which can cause the LLM to receive and/or emit the secret verbatim (high exfiltration risk), even though API use via env vars is otherwise recommended.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly uses Extruct's Discovery API (see references/discovery-api.md and the SKILL.md "Method 3: Discovery API" and Workflow Step 0) which ingests public web sources (e.g., web_search, linkedin, maps) and returns company descriptions, source URLs, and graded explanations that the agent is expected to read and use to drive searches, filtering, and list-building decisions, so untrusted third-party content can materially influence actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 22, 2026, 02:42 PM
Issues: 2