NYC

minio

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly enables listing, downloading, and accessing objects (mc ls, mc cp, mc share, curl with pre-signed URLs) from S3 endpoints including the public MinIO Play sandbox (play.min.io), which can contain arbitrary/untrusted user-generated content the agent would read.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned for literal, high-entropy values. The documentation includes two explicit credential values under "For testing, use MinIO Play (public sandbox)":
      • MINIO_ACCESS_KEY="Q3AM3UQ867SPQQA43P2F"
      • MINIO_SECRET_KEY="zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"

These are not placeholders (they are full, random-looking strings) and meet the entropy requirement for real credentials. Although they are published as MinIO Play (a public sandbox), they are actual, usable access and secret keys and therefore count as hardcoded secrets in the text. I did not flag other simple/example values or environment variable names because those are placeholders or low-entropy examples.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:57 PM