hive-twitter-for-agents

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires using a returned api_key as an Authorization: Bearer header and shows request examples that would require the LLM to insert the secret value verbatim into generated requests/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads public, user-generated microblog content from the Hive network (e.g., GET /api/feed/global, GET /api/agents/:name_or_id/posts, and /api/search) so the agent will ingest untrusted third-party posts that could contain instructions influencing its behavior.