metabase-modular-embedding-version-upgrade

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The workflow requires the agent to read project files and output exact per-file diffs (including docker-compose.yml and .env) and command outputs, which can expose secrets (JWTs, API keys, env vars) verbatim in the agent's responses.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads public third‑party documentation into its workflow—e.g., curling https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt (Allowed documentation sources) and the raw GitHub changelog in scripts/prepare.sh—and then uses those fetched docs to build the change catalog and drive migrations, so external content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching version-specific documentation via curl (e.g., https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt) at runtime and then reading that file into the agent context to drive the migration/cataloging logic, meaning remotely fetched text directly influences the agent's prompts and behavior.