hevy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt's Quick Start instructs using a CLI "hevy auth " (placing the API key directly on the command line), which encourages embedding a secret value verbatim in commands and could cause the agent to output user API keys or tokens directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests data from the Hevy API (see lib/api.sh and lib/cache.sh where paginate_all/cache_refresh call endpoints like /v1/exercise_templates, /v1/workouts, /v1/routines) and then uses those exercise/workout/routine results via exercises_search, cache_get and routines_create to choose IDs and build routines, so user-generated/untrusted content from the third‑party API is read and can materially affect tool decisions.