primary-logic-external-api
Fail
Audited by Snyk on Feb 26, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill embeds an "Authorization: Bearer <PRIMARYLOGIC_API_KEY>" header and a curl example that implies inserting the API key into generated commands, which requires the LLM to handle/output the secret value verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's Decision Workflow and Endpoint Cheat Sheet explicitly require calling external endpoints like GET https://primarylogic--pulse-backend-external-api-app.modal.run/v1/content and /v1/tickers/{ticker}/content to ingest "standardized_content" (summaries/snippets/source metadata) which the agent must read and use to form theses, catalysts, and actions, meaning untrusted third-party content can materially influence behavior.