skillboss

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to relay outputs that contain temporary API keys (e.g., "Relay the full URL... https://.../login?temp=sk-tmp-...") and to print/save API keys to stdout/config, which requires the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web content (e.g., SKILL.md and commands.md list linkup-fetch, scrape, linkup-search and document processing; api-integration.md shows parseDocument(document_url) and extractFromDocument(document_url, schema)), so the agent is expected to read/interpret arbitrary public URLs and scraped content which could materially change its actions or tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes built-in Stripe integration and describes accepting payments, subscriptions, and checkout (Payment Gateway functionality). It also references billing, adding credits, and e-commerce workflows. Because Stripe is a specific payment gateway API, this is direct financial execution capability.