zapier-workflows

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks users to provide webhook URLs and authorization tokens, stores them in plain-text references, and instructs the agent to include those secrets verbatim in curl/claude commands and files, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls external MCP tools like Perplexity Search and instructs the agent to "call Perplexity Search" and "analyzes results" (e.g., the "Research the latest on quantum computing" example), which causes the agent to ingest and interpret open/public web search results—untrusted third-party content—during its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Flagged because the skill explicitly performs runtime curl POSTs to user-provided Zapier webhook URLs (e.g., https://hooks.zapier.com/hooks/catch/[your-url]), which execute remote workflows (remote code) and are a required dependency for its webhook-trigger functionality.