sales-leadmagic
Fail
Audited by Snyk on Apr 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes explicit curl examples and MCP/config snippets that place an API key directly in request headers or command lines (e.g., -H "X-API-Key: your_api_key", LEADMAGIC_API_KEY=your_key), which encourages the agent to embed user-provided API credentials verbatim in generated commands or code, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and API reference explicitly accept and ingest public LinkedIn/B2B profile URLs (Profile Search, Profile→Email, Personal Email Finder) and ad/landing-page results (Google/Meta/B2B Ads Search) and expose these tools to AI agents via the MCP server, meaning the agent will read untrusted, user-generated public web content that could carry embedded instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running "npx leadmagic-mcp" (github.com/LeadMagic/leadmagic-mcp), which fetches and executes a remote npm package at runtime to provide the MCP server/tools, so it is a runtime external dependency that executes remote code.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata