ai-searching-docs
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes multiple code examples that pass API keys/secrets as string arguments (e.g., api_key="...") and show instantiating clients with inline credentials, which encourages embedding actual secret values verbatim in generated code/commands and thus requires the LLM to handle secrets directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and retrieves passages from arbitrary public web pages and user-provided URLs (e.g., LangChain's WebBaseLoader and examples that query external servers like "https://example.com/help" and "http://20.102.90.50:2017/wiki17_abstracts"), then feeds those retrieved, untrusted passages into the model to generate answers, so untrusted third-party content can directly influence prompts.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The examples explicitly configure a runtime ColBERTv2 retriever pointing at http://20.102.90.50:2017/wiki17_abstracts, which the agent would query at runtime to fetch passages that are injected into the model context and can directly influence its outputs.