agent-evaluation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows commands that echo and interpolate sensitive environment variables (MLFLOW_TRACKING_URI, MLFLOW_EXPERIMENT_ID) and uses them as CLI args, which would expose secret values verbatim in output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md "Documentation Access Protocol" explicitly requires fetching and querying the public MLflow docs starting at https://mlflow.org/docs/latest/llms.txt and then using WebFetch on any referenced URLs, so the agent will ingest public third‑party web content (and follow links) that can change its tooling and execution decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires at-runtime fetching and querying of MLflow docs at https://mlflow.org/docs/latest/llms.txt and using any referenced WebFetch URLs to guide dataset/scorer/evaluation behavior, so external content from that URL directly controls prompts/instructions and is a required runtime dependency.