k-research-note

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly reads user-supplied files or direct data inputs and inserts their contents (tables, code blocks, or embedded text/images) into generated documents, which can cause the LLM to output secret values verbatim if those files or inputs contain credentials or passwords.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Step 6–8: "AI가 ... 조사하여 작성") explicitly instructs the agent to perform web_search and use public web content to compose sections, meaning it fetches and interprets untrusted third‑party webpages whose instructions could materially influence generation.