bni-121

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the agent to collect account email/password, extract a JWT from localStorage, and then inject that JWT (and credentials) verbatim into shell commands/env vars (e.g., TOKEN="", agent-browser fill ""), which requires the LLM/agent to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs harvesting a user's JWT from localStorage and uses it to programmatically submit bulk meeting/referral records to the BNI API, including an explicit bypass of duplicate-record checks — patterns that enable credential misuse and deliberate fabrication of records.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill logs into the public BNI Connect site (agent-browser opens https://www.bniconnectglobal.com/login/) and its scripts POST to the public API (https://api.bniconnectglobal.com/member-api/cross-chapter-search), parse the JSON search results (member id and chapterName) and use those values to drive subsequent API calls, so it clearly ingests untrusted third-party content that materially influences actions.