score-and-tier

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires the agent to embed a user-provided 6-digit verification code verbatim in a shell command (bash "$SIGNUP" verify "<user_email>" ""), which forces the LLM to handle/output a secret value directly, even though API keys are otherwise kept in .env.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to pull and read inline signal content (e.g., "actual job posting text, social posts, context" via /api/v2/account/batch and account timelines /api/v1/account/{accountId}/timeline and alerts) and to use that untrusted, user-generated third‑party content to assign scores and create audiences, so external content can directly influence tool use and decisions.