cgenius

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes hardcoded secrets and JWT-like tokens (e.g., "EpsimoAI184", "eyJhbGci...", project ID) and code that posts them verbatim in API requests, which requires the agent to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill creates and consumes public, user-filled questionnaires via shareable links (e.g., https://beta.cgenius.app/questionnaire/qst_...) and fetches questionnaire data from the API endpoint (/api/questionnaire/[token]), which means it ingests untrusted, user-generated content that the agent reads to drive proposal generation.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). I scanned for high-entropy, directly usable credentials. I ignored the truncated JWT-like placeholders (e.g., "eyJhbGci...") because they are redacted/truncated and match documentation placeholders. I also treated UUIDs (CGENIUS_ASSISTANT_ID and the project UUIDs) as non-secrets/identifiers.

Flagged item:

• The generateEmail function embeds a literal credential in the request body:
• user_id: "contact@epsimoai.com"
• password: "EpsimoAI184"

"EpsimoAI184" is a hardcoded password included in code and therefore a live credential risk and should be removed or rotated/secret-managed.

Ignored items and why:

• CGENIUS_EPSIMO_TOKEN="eyJhbGci..." and CGENIUS_PROJECT_TOKEN="eyJhbGci..." — truncated/redacted placeholders (ignore).
• CGENIUS_ASSISTANT_ID and the project UUIDs — identifiers (low-sensitivity), not high-entropy secrets by the given definition.