personize-solution-architect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill repeatedly shows and instructs embedding API keys (e.g., sk_live_..., sk-or-v1-...) in connection strings, headers, and BYOK parameters and mandates concrete code/examples for integrations, which encourages or requires the LLM to emit secret values verbatim rather than only using safe patterns like env vars or delegated auth—creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires "Phase 0: Prospect Research" — instructing the agent to "research the prospect online using web search" and to fetch public skill files from GitHub, which means the agent will ingest and act on untrusted public web content (company sites, job postings, repos) that can materially influence decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly tells runtime agents to fetch SKILL.md from the public repo (https://github.com/personizeai/personize-skills/tree/main/skills/) when a skill isn't installed locally, which is a direct runtime fetch of remote instructions that can control agent prompts/behavior.