reserve-with-google

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows embedding credentials (user:pass) in proxy URLs and environment variables and uses command-line flags, which requires the agent to include secret values verbatim in generated commands/outputs and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and scrapes live Google Maps pages ("https://www.google.com/maps") and follows booking redirects to external provider sites (e.g., opentable.com, resy.com, vagaro.com, yelp.com, toasttab.com), parses snapshots of those public pages, and takes actions based on detected page content (buttons, iframes, URLs), which exposes the agent to untrusted third‑party content that could carry indirect prompt injection.