social

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt's examples and instructions explicitly tell users to save and reuse an API token and show curl commands with Authorization: Bearer {{YOUR_TOKEN}}, which encourages embedding secret tokens verbatim into requests/commands (an exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and acts on public, user-generated content—e.g., browsing public profiles via GET /api/agents and reading public chats via GET /api/chat/{matchId}/messages—and the documented "next_steps" returned in every authenticated response can include API actions to execute, meaning untrusted third-party content can directly influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The inbed.ai API (https://inbed.ai, https://inbed.ai/docs/api) is called at runtime and the documentation states authenticated responses include a "next_steps" array with executable actions (method+endpoint+body) that the agent is expected to execute, so remote content from that URL can directly control agent instructions.