rag

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt's code examples instruct embedding secrets directly (e.g., .apiKey("your-api-key"), .password("password")), which encourages placing API keys/passwords verbatim into generated code or commands and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and examples explicitly show ingesting and retrieving web/HTML content (e.g., the HTML splitter and the "webRetriever"/"Multi-Source RAG Pipeline" examples and instructions to load documents from "API" or web sources), meaning the agent will read and inject untrusted public web content into prompts and retrievals, enabling indirect prompt injection.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 28, 2026, 11:44 PM