fastfold-fold-job

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). Although the skill recommends using environment variables (safe), it also tells the agent to ask the user for an API key and to use/override it via --api-key or an Authorization header, which encourages the LLM to accept and embed secret values verbatim into commands/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and parses job results and artifact URLs from the public FastFold API (GET /v1/jobs/{jobId}/results) and downloads artifacts (e.g., cif_url/pdb_url on artifacts.fastfold.ai), and those job results can be public/user-generated and are read/interpreted by the scripts, so the agent is exposed to untrusted third‑party content.