google-search-console

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding API keys directly in CLI commands (e.g., gsc config set pagespeed-api-key <your-key>) and even shows an API-key-like example (AIza...), which means an agent could be required to accept and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically fetches data about arbitrary public sites/URLs via Google Search Console (e.g., SKILL.md commands and src/gsc/inspect_url.py, src/gsc/sitemaps.py) and PageSpeed Insights (SKILL.md and src/gsc/pagespeed.py), and the included playbook and workflows instruct the agent to read and act on those results (e.g., inspect, pagespeed, query, sitemap operations), so untrusted third-party page content could materially influence decisions or follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The SKILL's setup explicitly tells users to run a shell pipeline that fetches and executes remote code—"curl -LsSf https://astral.sh/uv/install.sh | sh"—to install the required 'uv' tool, so this URL is a runtime external dependency that executes remote code.