money

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill prompts users to provide API keys in-session (and to save/use them) so the LLM will receive secrets in-chat and could expose or echo them in outputs or stored context, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Auto-Research User Profile" step explicitly instructs the agent to web-search public profiles (LinkedIn, X/Twitter, GitHub, blogs, Product Hunt) and to "scrape their website/product" when provided, meaning the agent will ingest untrusted third-party/user-generated web content and use it to build context that can change routing and actions.