secondme-external-skill-catalog

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read a local credentials file containing an accessToken/access_token and to use that token in Authorization: Bearer headers when calling the API, which requires embedding the secret verbatim into generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches install payloads from https://app.mindos.com/gate/in/rest/third-party-agent/v1/skills/{skillKey} and writes the returned generatedSkillFiles (including prompt.md and prompt_short.md) verbatim, so untrusted third-party content from that endpoint can contain instructions that influence browsing/installation decisions and future tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill fetches install bundles at runtime from https://app.mindos.com/gate/in/rest/third-party-agent/v1/skills/available and https://app.mindos.com/gate/in/rest/third-party-agent/v1/skills/{skillKey}, and the returned generatedSkillFiles (notably prompt.md and prompt_short.md) are written and thus directly control agent prompts, making these URLs a required runtime dependency that can inject instructions.