openwebninja_universal_scraper

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to ask the user to paste API keys into chat and then append those exact key strings into .env (and references other env-based secrets), which requires the LLM to receive and potentially emit secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated web content (e.g., apis/realtime-forums-search/README.md for forum threads, apis/realtime-news-data/README.md and review APIs like yelp/trustpilot, plus the "web-unblocker" entry in the API catalog) and the workflow/recipes show those scraped results being fed into analysis tools and chained actions (multi-API workflows and AI-enrichment steps), so untrusted third‑party content can directly influence tool use and next actions.