jetty-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt asks the agent to collect user API keys and explicitly instructs substituting those real keys into generated file payloads/commands (e.g., temp heredocs for provider keys), which forces handling and embedding secrets in outputs despite some redaction guidance—creating a real exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests workflow/trajectory and environment data from Jetty's API (https://flows-api.jetty.io) and then reads and displays trajectory outputs and step results (user-authored or model-generated), which are untrusted third-party content that the agent uses as part of its runtime workflow (Steps 4–6 describe fetching collections, environment variables, trajectories, and files).