taskingbot-skill-validator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to return matched "snippets" from the provided SKILL.md/manifest/schema (text.slice around regex matches), which will verbatim include any secret values present in those files, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and scans arbitrary SKILL.md, skillManifestJson, and schemaJson inputs (user-provided skillMarkdown/skillManifestJson/schemaJson) and uses their text to generate findings and a riskScore/status that directly control blocking or approving skills, so untrusted third-party content can influence agent decisions.