detecting-mobile-malware-behavior

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes curl examples and upload commands with API key placeholders (e.g., "x-apikey: <VT_API_KEY>", "Authorization: <API_KEY>") which instruct embedding secrets directly in headers/CLI, requiring the LLM to output secret values verbatim if used.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries VirusTotal (see SKILL.md Step 1's curl to https://www.virustotal.com and scripts/process.py's check_virustotal) and uses the returned reputation/detection data to adjust risk scoring and analysis, so it ingests public third‑party content that can materially influence decisions.