valyu-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to ask the user to paste their API key and then run a CLI command embedding that key verbatim (scripts/valyu setup / examples like scripts/valyu setup val_abc123...), which requires the LLM to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third-party content—see SKILL.md Search "web" type, the Contents API (/v1/contents) and examples like scripts/valyu contents "https://techcrunch.com/article"—and the integrations (OpenAI/Gemini/Anthropic/LangChain docs) show agents are expected to read and synthesize that content, so untrusted external pages can materially influence tool calls and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The documentation configures a remote MCP server URL (https://mcp.valyu.ai/mcp?valyuApiKey=your-valyu-api-key) that is invoked at runtime as an MCP tool provider and returns tool responses/contexts to the model, which directly controls agent prompts and behavior.