frappe-core-files

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed API credentials verbatim (e.g., curl Authorization header with api_key:api_secret and site_config.json with s3_access_key/s3_secret_key), which requires the LLM to output secrets directly and is therefore high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly supports fetching and ingesting arbitrary http/https URLs (see "Save File from URL" example and "Valid URL prefixes: http://, https://" / decision tree entry for save_url), so the agent can read untrusted third-party content that could influence subsequent processing.