featbit-sdks-dotnet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes code samples that place an EnvSecret value directly into initialization/configuration (e.g., FbOptionsBuilder("") and options.EnvSecret = ""), which encourages asking for or embedding real secret values verbatim in generated code or commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to "Read the official README section" on the public GitHub repo (https://github.com/featbit/featbit-dotnet-sdk and linked README pages) when users ask, which requires fetching and interpreting public third‑party content that could alter actions or decisions.