rag

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt's code examples instruct embedding secrets directly (e.g., .apiKey("your-api-key"), .password("password")), which encourages placing API keys/passwords verbatim into generated code or commands and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and retrieves web/public HTML content (see the "HTML Splitter" in references/document-chunking.md and Example 3's ContentRetriever webRetriever = EmbeddingStoreContentRetriever.from(webStore), which indicates pulling from webStore), so the agent will read and use untrusted third-party pages as part of retrieval and prompt construction, enabling indirect prompt injection.