infographics

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a --api-key CLI option (and shows usage for passing a key) which encourages embedding API keys as command-line arguments, forcing secrets to appear verbatim in commands/outputs and creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls Perplexity Sonar Pro in research_topic() and web_search() to fetch web search/research results (and creates {name}_research.json) and then directly incorporates that third‑party web-sourced content into the generation prompt via _enhance_prompt_with_research, so it ingests and interprets untrusted public web/user-generated content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime API calls to https://openrouter.ai/api/v1 (using models like perplexity/sonar-pro) and directly injects the returned research/content into the generation prompt, meaning external responses from that URL can control agent prompts at runtime.