ai-director

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask users to send their X2C API key and to run commands (e.g., node ... verify-key x2c_sk_xxx, bind --key "x2c_sk_...") and store it in files, which requires the LLM to receive and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly calls external, public APIs (e.g., the X2C Open API at https://eumfmgwxwjyagsvqloac.supabase.co/functions/v1/open-api and giggle.pro endpoints) and accepts arbitrary public image URLs (see ad-account-manager.js, ad-producer.js, ad-character-manager.js and references like QUALITY-AND-RETRY.md and AD-WRITER-GUIDE.md), and the SKILL.md + scripts explicitly require the agent to read those API responses (script/query, video/query, QC reports, character data) and then make decisions or modify prompts/trigger retries—so untrusted third‑party content is ingested and can materially influence subsequent tool actions.