bookstrap-query

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs building and emitting shell commands that embed credentials as command-line arguments (e.g., --user root --pass root) and references echoing API keys, which encourages including secrets verbatim in generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes ingesting and querying external sources (e.g., /bookstrap-ingest and citation queries that return source.url and source.content such as https://archive.org/details/soe-wireless) meaning the agent reads and acts on open/public third‑party content stored in the database, which could carry untrusted instructions that influence its outputs.