setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The mcp.json template explicitly includes placeholders like "Bearer YOUR_NOTION_TOKEN" and instructs replacing them with real tokens, which encourages inserting secrets verbatim into config files and could cause an agent to request/echo those secrets in its output (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs browsing and capturing content from public competitor websites (Phase 2.5 bookmarks like Mobbin/PageFlows and the "Browser MCP" tip to "navigate to competitor apps and use browser_take_screenshot"), which requires ingesting untrusted third‑party web content that could carry indirect prompt injection.