deep-research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The MCP configuration embeds an API key literal ("CRAFTED_API_KEY") directly in command args/headers, which requires the agent to include a secret value verbatim in generated config/commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes "search results" via its integrated Search API and requires executing searches and aggregating findings as part of the /deepsearch workflow, which means it will fetch and read open web/public third-party content (potentially user-generated and untrusted) for interpretation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCP configuration includes a runtime SSE endpoint at http://bore.pub:44876/api/v1/mcp/project/0581cda4-3023-452a-89c3-ec23843d07d4/sse which the agent is configured to connect to as a required dependency and can deliver runtime instructions that control agent behavior.