cook-the-blog

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Because the workflow explicitly requires embedding API keys, repo/email credentials, and an App Password into commands/scripts (e.g., export SERPAPI_KEY="...", constructing git/HTTP auth or an smtplib script with an App Password), the LLM would be forced to include secret values verbatim in its output, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires using the Tavily tool and "standard web searches" (including "Search Reddit and other relevant forums") and a SerpApi Google Trends script to ingest and extract metrics and GTM insights from public, user-generated web content, which the agent must read and use to drive writing, image metadata, and publishing decisions—exposing it to untrusted third-party content that could inject instructions indirectly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires loading the Stop Slop skill from https://github.com/hardikpandya/stop-slop at runtime ("Add the Stop Slop skill to your agent's loaded skills before running"), so this external repository will be fetched and used to directly control/override the agent's output/instruction handling.