creative-orchestrator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit API key value in setup and example commands (e.g., export FAL_API_KEY="c42f7c6b-...") and instructs sample outputs that would verbatim expose that secret, so the LLM would be required to handle/output the secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly includes a "Web Search Integration" example and a Pattern 5 usage calling generate_asset(..., enable_web_search=True) and even says "Enable Google Search for real-time data", which means the agent will fetch and ingest untrusted public web content as part of its workflow and could let that content influence actions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The document contains a high-entropy, literal API key in the "Set API Key" section:

export FAL_API_KEY="c42f7c6b-0ada-4a38-8a6e-604330d64156:bc3dc6a72347cbb32e4a8d3ea53ef335"

This is not a placeholder (it is long, UUID-like followed by a long hex string) and appears to be a real, usable credential. The same value is also shown for FAL_KEY. I ignored placeholder examples like "your_key_here" elsewhere per the rules.