andromeda-messages

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt hardcodes and repeatedly instructs use of the header "Authorization: Bearer andromeda25" in curl examples and requests, which requires the agent to emit that secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and lists user-generated nodes from the public site https://www.mishabuloichyk.com (e.g., GET /api/andromeda?galaxy=...), and those arbitrary third‑party messages are read/presented and could influence subsequent actions, so they could carry indirect prompt injection.