concierge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users/agents to run commands like concierge config set <key> "<secret>" and shows placeholders for real API keys/tokens, which encourages embedding secrets verbatim in CLI commands/config and therefore requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and scrapes open/public third‑party content — e.g., find-contact accepts arbitrary Airbnb/Booking.com/VRBO/Expedia listing URLs and check-availability uses browser automation to scrape Booking.com (and search uses Google Places) — and the agent reads/interprets that content to extract contact/availability information, exposing it to untrusted user-generated web content.