tensorlake

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs the agent to ask the user for their API key and to guide them to set it with an export command (export TENSORLAKE_API_KEY="your-api-key-here"), which encourages the agent to accept and reproduce secrets verbatim in commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs and examples (SKILL.md Quick Start fetch_page uses requests.get on arbitrary URLs, the instruction to fetch https://docs.tensorlake.ai/llms.txt when references lack detail, and DocumentAI.parse supporting file_url) explicitly show the agent fetching and ingesting open/public web content that can directly feed LLM prompts and influence downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly directs runtime fetching of external documentation at https://docs.tensorlake.ai/llms.txt (and its example pipeline also fetches arbitrary webpages via requests.get(url) — e.g., "https://example.com") which would be injected into the agent's context/prompts and thus can directly control agent behavior.