uipath-platform

Fail

Audited by Snyk on Mar 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes examples that pass secrets directly on the command line (e.g., --client-secret "") and shows stored access tokens and curl commands using those tokens, which encourages embedding secret values verbatim in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's Integration Service workflow clearly instructs the agent to call and parse external connectors and arbitrary HTTP endpoints (see references/integration-service/connectors.md "HTTP Connector Fallback" and agent-workflow.md / resources.md steps that list, describe, and execute connector resources including http-request with a full URL), so it ingests untrusted third‑party API/web content and uses that content to drive subsequent actions and decisions.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 30, 2026, 01:22 AM
  • Issues: 2