openjudge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and encourages embedding API keys directly in code (e.g., api_key="sk-xxx"/"sk-..."), which requires the LLM to handle/echo secret values verbatim and is an insecure credential-handling pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's graders.md explicitly shows an AgenticGrader example that builds a ReActAgent with tools=[WebSearchTool()] and instructs it to "Verify the factual accuracy ... using web search if needed," which means the agent will fetch and interpret open web search results (untrusted third‑party content) as part of its evaluation workflow.