seo-audit

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a sensitive header value (x-sop-internal: renDt/...AyZw=) and instructs the agent to send it on every automated request, which requires the LLM to handle the secret and reproduce it verbatim in generated commands (e.g., curl or Python requests calls), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md audit workflow explicitly requires fetching and inspecting the target site's public pages (robots.txt, XML sitemap, page HTML and rendered JS/JSON-LD) and references browser rendering, web_fetch/curl, Google Rich Results Test and Screaming Frog, so the agent will ingest and act on untrusted content from whichever public website the user points it at. Content planted in those pages (HTML comments, JSON-LD fields, rendered text) is read by the model alongside its instructions, which is the indirect prompt injection path named above.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy values that look like real credentials. The header value in the "WAF note" — x-sop-internal: renDt/H8fb0SN+zsgVWb9dqbd9SS5+UfGgCEIKbAyZw= — is a high-entropy string (base64-like, trailing "=") and is presented as a required header for automated requests to *.scienceofpeople.com. That matches the definition of a secret (a literal token giving access).

No other high-entropy literals were found. Other items in the document are either environment variable names, commands, human-readable configuration, or obvious examples/placeholders (which per the rules are ignored).
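The W008 check above describes scanning the skill text for literal, high-entropy values and discarding environment variable names and obvious placeholders. The following Python is an added illustration of that kind of scanner and is not Snyk's code: the sample skill text is constructed, and the regexes and the entropy floors (3.0 bits per character for hex, 4.5 for base64) are assumptions chosen for this example.

```python
import math
import re

# Constructed sample skill text (not the real seo-audit SKILL.md). It mixes a
# base64-looking header value, a hex token, an environment-variable name and
# an obvious placeholder, so each filter rule below gets exercised.
SAMPLE_SKILL = """\
# seo-audit skill (constructed sample, not the real SKILL.md)
Fetch robots.txt and the XML sitemap, then render each page with a headless browser.
WAF note: automated requests must send x-internal-token: Zk8rQ2xVb3pLd1hNcDRUdzl5UWxGaEo2QmVTdE5nRz0=
Set GOOGLE_SEARCH_CONSOLE_KEY_FILE to the path of the key; never paste keys here.
Staging token placeholder: sk-REPLACE_WITH_YOUR_KEY
Internal API token: 3f2a9c1e7b4d6a8f0c2e4b6d8a1c3e5f7b9d0a2c
"""

# Any run of base64 / base64url / hex characters long enough to be a credential.
CANDIDATE_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
# SHOUTING_SNAKE_CASE tokens are configuration keys, not values.
ENV_VAR_RE = re.compile(r"[A-Z][A-Z0-9_]{2,}")
# Words that mark a value as an example rather than a live credential.
PLACEHOLDER_RE = re.compile(r"(?i)your|example|placeholder|replace|redacted|changeme|xxxx")
HEX_RE = re.compile(r"[0-9a-fA-F]{32,}")
BASE64_RE = re.compile(r"(?:[A-Za-z0-9+/]{20,}|[A-Za-z0-9_\-]{20,})={0,2}")

# Entropy floors (assumed values, not Snyk's). Hex can never exceed 4 bits per
# character and base64 can reach 6, so each class needs its own floor.
ENTROPY_FLOOR = {"hex": 3.0, "base64": 4.5}


def shannon_entropy(s: str) -> float:
    """Bits per character, estimated from the string's own symbol frequencies."""
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify(token: str):
    """Return 'hex', 'base64' or None. Hex is tested first: it is also valid base64."""
    if HEX_RE.fullmatch(token):
        return "hex"
    if BASE64_RE.fullmatch(token):
        return "base64"
    return None


def redact(token: str) -> str:
    """Keep enough of the value to locate it in the source without echoing it whole."""
    return token[:4] + "..." + token[-4:]


def find_secrets(text: str):
    """Scan prose for high-entropy literals, skipping env-var names and placeholders."""
    findings = []
    for m in CANDIDATE_RE.finditer(text):
        token = m.group(0)
        if ENV_VAR_RE.fullmatch(token) or PLACEHOLDER_RE.search(token):
            continue
        kind = classify(token)
        if kind is None:
            continue
        entropy = shannon_entropy(token)
        if entropy < ENTROPY_FLOOR[kind]:
            continue
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "kind": kind,
            "entropy": round(entropy, 2),
            "value": redact(token),
        })
    return findings


if __name__ == "__main__":
    for f in find_secrets(SAMPLE_SKILL):
        print(f"line {f['line']}: {f['kind']} literal {f['value']} (entropy {f['entropy']})")
```

Run stand-alone, it reports the base64 header value on line 3 and the hex token on line 6 and stays silent on the environment variable name and the placeholder. Two choices worth keeping in a real scanner: the entropy floor is per character class, because a 40-character hex string tops out at 4 bits per character and would never clear a threshold tuned for base64; and each finding carries a redacted value, so the scanner's own report does not become a second copy of the secret.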

Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 05:42 PM