hurl

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes multiple examples that embed secrets verbatim (e.g., passwords, session tokens, and an API key passed on the command line), which encourages or requires the agent to output sensitive values directly rather than keeping them in environment variables or in redacted form.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill (Hurl) explicitly makes HTTP requests to arbitrary public URLs (see the request.md examples such as "GET https://..." and the chaining examples). It then extracts and uses untrusted response content via [Captures] and filters (xpath/jsonpath/regex, in capturing-response.md and filters.md) as part of its workflow, so it ingests and interprets third-party and user-generated content.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:12 PM