skill-lookup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to retrieve, present, and save full file contents (including scripts and config files) verbatim, which could require emitting any secret values embedded in those files and thus enables secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls the prompts.chat MCP tools search_skills and get_skill to fetch skill metadata and full file contents (SKILL.md, scripts, docs) from the prompts.chat server — content that is likely user-submitted/untrusted third-party data which the agent reads and installs.