meta-business

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets and tokens directly into commands (e.g., --token YOUR_TOKEN, meta config set app.secret YOUR_APP_SECRET, --verify-token TOKEN), which forces the agent to place secret values verbatim into generated CLI commands/outputs and therefore poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-generated content from public/social sources (e.g., "meta ig comments list" to read Instagram comments, "meta messenger receive" to list conversations) and ingests arbitrary external URLs/webhook payloads (webhook.forwardUrl, publishing media from public URLs), so the agent would consume untrusted third-party content that could carry indirect prompt injection.