oss-forensics
Fail
Audited by Snyk on Apr 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs agents to extract and record IOCs including API keys/secrets (a "Value" field in iocs.md and entries in the evidence store) and even shows example token patterns, which would require the LLM to handle/output secret values verbatim unless an external secure mechanism is used.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Phase 2 investigators and IOC Enrichment) explicitly instructs the agent to fetch and parse untrusted public third‑party content—e.g., GitHub REST API calls, Wayback Machine CDX API snapshots, GH Archive/BigQuery queries, public WHOIS/passive‑DNS lookups and npm/PyPI registry checks—and to read/interpret that content to form and validate hypotheses that drive further tool use and reporting, which meets the criteria for indirect prompt‑injection exposure.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).