performing-dark-web-monitoring-for-threats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes code that embeds API credentials directly in request headers (e.g., the HIBP "hibp-api-key" placeholder) and references using commercial dark-web APIs, which encourages putting secret keys verbatim into generated code/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses untrusted public third-party content—e.g., Tor .onion paste sites and forums (monitor_paste_sites/search_for_keywords), the HaveIBeenPwned API, the Ransomwatch raw GitHub feed (posts.json), and breach directory APIs (scripts/process.py and SKILL.md)—and then uses those results to generate alerts, reports, and incident-response recommendations, so external content can materially influence agent decisions and actions.