agent-skill-evaluator

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting and quoting "specific code snippets" and "exact text from SKILL.md" and to show tool outputs/evidence, which would force the agent to reproduce any embedded API keys, tokens, or passwords verbatim if they appear in fetched files.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and scrape public GitHub repositories, websites, and direct .skill file URLs (Step 2: "Skill Acquisition" using GitHub MCP, Bright Data MCP / scrape_as_markdown, web_fetch) and then parse SKILL.md and scripts as core parts of its analysis, so untrusted third-party content can directly influence the agent's decisions and tool usage.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches SKILL.md/.skill files at runtime (e.g., via https://raw.githubusercontent.com/{owner}/{repo}/main/{filepath}) to load instructions that would directly control agent prompts, so this external URL pattern is a high-confidence runtime dependency that can control prompts.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 10, 2026, 09:59 AM