tech-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The worker prompt explicitly requires preserving code examples "exactly as found" from webfetch results and returning them in JSON/docs, which can cause the LLM to capture and output API keys or other secrets present on fetched pages despite a superficial "never include secrets" constraint—creating a real exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Haiku worker workflow (3_parallel_search) and the page-extract.md prompt explicitly direct WebSearch/WebFetch to fetch and deep-read top URLs from the open web and extract code, steps, and "Actionable Insights"—i.e., untrusted public third-party content is ingested and used to drive subsequent synthesis and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill clearly performs runtime WebFetch of arbitrary external search-result URLs and injects the fetched page content (including exact code examples) into worker/model inputs—e.g., the page-extract examples reference URLs like https://example.com/redis-node-best-practices—which means external URLs fetched at runtime can directly control prompts/outputs and are a required dependency of the workflow.