raindrop

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and documents passing API tokens inline (e.g., raindrop login "test_...") and instructs copying a test token, which encourages embedding secrets verbatim in commands/outputs and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly ingest and analyze arbitrary public URLs and bookmark content (e.g., raindrop add , raindrop get , raindrop patch ... "pleaseParse": true, raindrop suggest , and raindrop collection cover in SKILL.md and references/commands.md), meaning the agent will read untrusted third-party web content and use it to drive suggestions and follow-up CLI actions.