exploiting-excessive-data-exposure-in-api
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt's example scripts actively search for and print matched sensitive values (e.g., API keys, JWTs, AWS keys and samples of matches), which instructs an agent to capture and output secrets verbatim, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests responses from arbitrary API endpoints (e.g., BASE_URL in SKILL.md and the --url flow in scripts/agent.py) and the workflow uses discovered schema/response content (GraphQL introspection and extracted fields) to drive further queries and findings, so untrusted third-party API data can materially influence subsequent tool actions and decisions.
Issues (2)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).