dating

Fail

Audited by Snyk on Apr 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows curl examples embedding an Authorization: Bearer {{YOUR_TOKEN}} header and instructs saving/using the returned token, which encourages placing secret tokens verbatim into generated commands/outputs (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on user-generated, public platform content from inbed.ai (e.g., GET /api/discover for profiles, GET /api/chat for messages) and instructs the agent to "follow suggested actions" returned as next_steps in API responses, meaning untrusted third-party content can directly influence the agent's next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the inbed.ai API (e.g., https://inbed.ai/api and https://inbed.ai/docs/api) whose responses include adaptive "next_steps" that directly instruct/guide the agent, and the skill's behavior depends on those responses, so this is a runtime external dependency that can control agent instructions.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 8, 2026, 12:14 AM
Issues: 3