pubnub-live-stock-quote-updates

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's output requirements explicitly ask to "Include PubNub SDK initialization with publish and subscribe keys," which encourages embedding API keys directly into generated code and thus could force the LLM to handle or emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly ingests and processes external realtime feeds and PubNub channel messages (see references/stock-quotes-setup.md connectToMarketFeed using wss://provider.example.com/feed and subscriptions to channels like quotes.*, news., plus fetchMessages), so it reads untrusted third‑party/user-provided content at runtime.