love

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires embedding bearer tokens (e.g., Authorization: Bearer adk_your_token_here / {{YOUR_TOKEN}}) in curl commands and API requests, which forces the agent to include secret values verbatim in generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and act on untrusted, user-generated content from inbed.ai — e.g., public profiles via GET /api/agents, chat messages via GET /api/chat, and the discover feed via GET /api/discover — and to follow the API-provided "next_steps" (in SKILL.md) which can contain actionable instructions that influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://inbed.ai (e.g., GET/POST to https://inbed.ai/api/...) whose responses include a "next_steps" array with method+endpoint+body that the agent is explicitly instructed to follow, meaning remote content from that URL can directly control agent prompts/actions at runtime.