overleaf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs copying the Overleaf session cookie and embedding it directly in a command line (olcli auth --cookie "YOUR_SESSION_COOKIE"), which requires the LLM to include secret values verbatim in generated outputs/commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly pulls and syncs projects from Overleaf (overleaf.com) via olcli (see SKILL.md / README "olcli pull" and references/API.md), thereby ingesting arbitrary user-generated project files from the public Overleaf service that the agent is expected to read and which can materially influence subsequent actions like compile, push, or packaging, enabling indirect prompt-injection risk.