airtable

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill queries and ingests records from user-specified Airtable bases/tables (via base_id, table_name, and query_filter), so the agent will read arbitrary third-party/user-generated content from Airtable that could contain injected instructions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I flagged the string "skpi-h0qwl26a3tovbejlear9z7rq" because it is a high-entropy, API-key–style literal embedded directly in a runnable command (refly skill run --id skpi-...). That format (sk*/long random suffix) matches real credential patterns and could be usable to access a service, so it should be treated as a secret.

Other values in the document are placeholders or low-risk examples and were not flagged:

• "appXXXXXXXXX", "we-xxx" and similar patterned values are placeholders.
• Example addresses/emails (e.g., "john@example.com") and the simple sample JSON values are documentation examples, not high-entropy secrets.