freek-dev-blog

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires using a bearer token (it even names the token file .secrets/blog-freek-dev.md) in the Authorization header for API requests, which implies the agent must read and insert the secret value into requests/commands (risking verbatim exposure), even though examples use a placeholder like $TOKEN.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and use third‑party, user‑generated content (e.g., "Get the video title via oembed API: youtube.com/oembed?url=VIDEO_URL&format=json" and to summarize external URLs in link-post workflows), so untrusted web content is read and directly influences post creation and actions.