tax-filing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill mandates collecting and saving sensitive data (direct-deposit routing/account numbers and extracted SSNs/figures) into plaintext work files and populating PDF form fields, which requires the agent to handle and potentially output those secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and parse year-specific data and blank PDF forms from public websites (e.g., "Research from IRS.gov and FTB.ca.gov" in Step 3 and the IRS/FTB download URLs in Step 7), and those external pages are read and used to compute tax values and drive form-filling, so third-party content can materially influence tool behavior.