schema-inspector

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt's "Knowledge Protocol" explicitly directs the skill to integrate and prioritize Confidential and Personal knowledge (including "the most specific secrets"), which goes beyond the declared purpose of locating/displaying schema files and thus constitutes deceptive/instructional behavior outside the skill's stated scope.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's behavior—automatically locating and displaying schema files—means the agent would read and output file contents verbatim, which can include credentials or secrets (DB URLs, API keys, tokens), so it requires handling/outputting secret values.