sme-agent-protocol

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The protocol mandates quoting actual code and citing file contents as evidence (rather than summaries), so if repository files or configs contain secrets the agent would be expected to reproduce them verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs SME agents to fetch and read external documentation from the public web using WebFetch or firecrawl (see Phase 1.4 "Fetch External Documentation" and the Tool Requirements recommending WebFetch/firecrawl), so the agent will ingest open/public third‑party content that could contain injected instructions.