moai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly includes commands to view/add/change "API 키", stores API keys in project memory (moai-credentials.env), and generates files with connector/API key information, which implies the agent may request, read, and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs runtime use of public third‑party data/APIs (e.g., init-protocol.md Phase 3.2 requiring API keys for data.go.kr, KIPRIS, law.go.kr and references to web fact‑checking in evaluation-protocol.md), so the agent will fetch and ingest untrusted public content that can change tool usage and decisions.