here-now

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to collect a user-provided sign-in code and to use/save returned apiKey (including example curl and echo commands that embed those secrets), which requires embedding secret values verbatim into requests or filesystem writes and therefore creates a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly requires the agent to fetch and read the live docs at https://here.now/docs "at the first here.now-related interaction" and whenever the user asks about capabilities, so the agent ingests public, external web content that can materially influence its decisions and actions.