modal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that pass secrets as literal values on the command line (e.g., modal secret create ... API_KEY=sk-xxx and export MODAL_TOKEN_SECRET=<your-token-secret>), which encourages embedding secret values verbatim in commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly shows fetching arbitrary public web pages (references/examples.md "Web Scraping at Scale" using httpx.get + BeautifulSoup) and downloading third‑party models/data into images (references/images.md .run_function with huggingface_hub.snapshot_download), which ingest untrusted, user-generated public content that the agent will read/use at runtime and could therefore enable indirect prompt injection.