forum-research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill mandates an immediate username/password login and explicit "fill username and password" steps for agent-driven browser actions, which will typically require the agent to insert secret values verbatim into commands unless a separate secret-injection mechanism is enforced, so it poses a high risk of secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-generated content from the public DFINITY forum (forum.dfinity.org) via authenticated browsing and Discourse JSON endpoints (e.g., /t//.json, /u/.json, /latest.json, /search.json), so the agent ingests untrusted third-party forum content as part of its workflow.