infographics

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a --api-key CLI option (and shows usage for passing a key) which encourages embedding API keys as command-line arguments, forcing secrets to appear verbatim in commands/outputs and creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches web research from Perplexity Sonar Pro in scripts/generate_infographic_ai.py (research_topic and web_search) and then incorporates that untrusted, third‑party research content into the generation prompt via _enhance_prompt_with_research, allowing external webpage-derived text to influence image-generation and iteration decisions.