python-sdk

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples that pass API keys and webhook URLs directly as string arguments (e.g., client = inference(api_key="inf_your_key"), webhook_tool("slack","https://hooks.slack.com/...")), which encourages the LLM to embed secret values verbatim in generated code/commands even though env-var usage is also shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's docs (references/agent-patterns.md RAG pattern and SKILL.md's internal_tools/web_search, the "search" app_tool, the "Working with URLs" file examples, and the sessions browser-automation examples) explicitly show agents fetching and using web search results and arbitrary remote URLs/pages as input, so untrusted third-party content can be ingested and materially influence agent actions.

Issues (2)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 09:54 PM
Issues: 2