dots

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read an API key from dots.json (or ask the user for an sk_... key) and to include an Authorization: Bearer header in curl requests, which forces the LLM to handle and potentially output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to fetch and read graph snapshots, node data, template results, and view streams from the external Dots API (default https://dots.tallpizza.com and user-specified base URLs) — i.e., arbitrary workspace/space content that can be user-generated — and to act on those responses (queries, mutations, view events), so untrusted third-party content can materially influence subsequent tool use.