azure-mgmt-apimanagement-py

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes hardcoded secret values (named_value value="secret-key-value") and explicitly prints a subscription key (print(f"Subscription key: {subscription.primary_key}")), which requires the agent to handle and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md contains an "Import API from URL" example that has the client fetch and ingest an external OpenAPI document (e.g., value="https://petstore.swagger.io/v2/swagger.json"), meaning it pulls untrusted public web content that the agent parses and uses to create APIs.