agent-analytics

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and setup explicitly show placing API/project tokens inline (e.g., npx ... login --token aak_... and data-token="aat_...") and instruct using the returned project token in an HTML snippet, which requires the agent to accept and emit secret values verbatim (an API-key-as-CLI-arg / embedding secret-in-snippet pattern).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and interpret analytics data from public/user-generated sources (e.g., properties.* fields, referrer and UTM strings via npx @agent-analytics/cli query/breakdown and events logs) and to make follow-up decisions/actions (create/complete experiments, funnels, alerts) based on those results, so arbitrary third-party visitor content could materially influence the agent.