account-scoring

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the agent to embed a user-supplied 6‑digit verification code (and email) verbatim into the signup command (bash "$SIGNUP" verify "<user_email>" ""), so the model must output a secret value in a generated command even though API keys themselves are handled by scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls the OpenFunnel API (see Runtime Step 4: POST /api/v2/account/batch) which returns inline signal content including job posting text and social posts that the agent is required to read and use to score accounts, thereby ingesting untrusted public/user-generated content that could carry indirect prompt injections.