metabase-static-embedding-to-guest-embedding-upgrade

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The workflow requires locating and extracting signed JWTs and places where METABASE_SECRET_KEY is used, and producing exact file diffs and replacement HTML that embed the raw token/JWT (or literal token strings found in code) verbatim into generated output, which exposes secrets through the LLM output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (Step 1a in SKILL.md) directs the agent to curl and read the public Metabase docs file (https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt) and to treat it as the authoritative source for mapping and migration decisions, so externally-hosted third‑party content is fetched and directly influences subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs fetching and reading the external docs at https://www.metabase.com/docs/v0.{VERSION}/llms-embedding-full.txt via curl at runtime and mandates using that file as the authoritative source to drive mapping and migration decisions, so the fetched content directly controls the agent's instructions and behavior.