green-invoice

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's authentication examples and curl commands explicitly show inserting API key ID/secret and Bearer tokens into request bodies and Authorization headers, which encourages the agent to accept and emit secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and acts on external Green Invoice webhook payloads and API responses (see SKILL.md Step 10 "Webhooks" and the scripts/green-invoice-client.py which GET/POST /v1/documents and download links), meaning untrusted/user-provided document fields and downloadable PDFs from the third-party service are read and used to route actions and trigger follow-up behavior.