inspirera

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires reading and verbatim-quoting source and target files (code, configs, PROFILE.md, etc.), so if those contain API keys/passwords the LLM would be forced to output them, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly instructs the agent to fetch and read external public URLs (see "Step 2: Read the source" — GitHub repos via GitHub MCP; "Articles, blog posts" — "Fetch full content"; "Hacker News threads" — "Read both the linked article and top comments"), and then uses that content to map concepts and recommend actions for a target project, so untrusted third‑party/user‑generated content can materially influence the agent's decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches arbitrary external resources at runtime (e.g., https://github.com/org/repo and https://example.com/blog/interesting-approach) and injects their content into the model context to drive analysis and prompts, so this is a runtime dependency that directly controls agent prompts.