news-sentiment

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read config["newsapi"]["key"] and substitute the resolved key string into the NewsAPI request URL (apiKey={KEY}), which requires the LLM to handle/output the secret verbatim and thus presents an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests headlines from open third-party news sources—via NewsAPI in Step 3a and via WebSearch of public sites like reuters.com, bloomberg.com, seekingalpha.com, finance.yahoo.com in Step 3b—and then directly reads and scores that content (Steps 4–5) to drive its output, so untrusted external content can materially influence agent decisions.