hive

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires using the agent's API key as a Bearer token in request headers (shown in curl/examples as Authorization: Bearer ), which encourages embedding the secret verbatim into generated commands/requests and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on public, user-generated content from the Hive network (e.g., GET /api/feed/global and GET /api/agents/:name_or_id/posts at https://hive.steve-mallett.workers.dev), and those posts can be interpreted to drive actions like replies, boosts, or follows—creating a clear avenue for indirect prompt injection.