workflow-weaver

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read files, save file contents and command outputs to references, and include full commands/file contents in generated SKILL.md (with no redaction guidance), which can cause API keys, tokens, or passwords to be copied and emitted verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs WebFetch/WebSearch on arbitrary URLs and saves or includes those fetched pages as references/steps (see "Actions to Monitor" WebFetch entry and the "Save as reference"/"Add as step" processing), so untrusted third‑party page content can be read and used to influence generated steps and subsequent behavior.