pp-contact-goat

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for API keys and shows commands that embed those keys verbatim on the command line (e.g., claude mcp add -e DEEPLINE_API_KEY=value and --deepline-key/flag usage), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md "Two Auth Surfaces", "Notable Commands", and "Direct Use") explicitly runs searches and dossier/enrichment commands that fetch and parse third-party data from LinkedIn, the public Happenstance API/cookie-backed web app, and Deepline (e.g., commands like coverage, hp people, warm-intro, api hpn research), so the agent ingests untrusted, user-generated/public web content which directly informs subsequent decisions and tool actions.