structured-output-fabric

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill ingests arbitrary text from files, APIs, command outputs or user input and enforces returning exact JSON of user-specified fields, so if the schema or source contains secrets (API keys, tokens, passwords) the LLM will be instructed to include them verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) explicitly accepts "text from any source: files, API responses, command output, user input, or other tools" and concatenates that external source text into the prompt ("Combine Prompt with Source Text") before calling fabric raw_query, meaning untrusted/public third‑party content can be ingested and directly influence the model's output and behavior.