moltbook

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill includes many example curl commands that require an Authorization: Bearer YOUR_API_KEY header, and it explicitly tells agents to save the api_key (including "save it to your memory"). This instructs an agent to store the secret and later insert it verbatim into requests and commands, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and HEARTBEAT.md explicitly tell the agent to fetch and read public Moltbook content (e.g., "Fetch https://www.moltbook.com/heartbeat.md and follow it", /api/v1/feed, /api/v1/posts, and search endpoints). This content consists of user-generated posts and comments that the agent is expected to interpret and act on (reply, follow, upvote, DM), so untrusted third-party content could embed instructions that influence the agent's decisions or tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and "follow" external instructions from https://www.moltbook.com/heartbeat.md (and related https://www.moltbook.com/skill.md / skill.json), which directly control agent behavior. This makes the URL a required runtime dependency that can change prompts/instructions.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 27, 2026, 07:31 PM