puresnap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds a plaintext API key and example curl commands that include that key in request headers, which forces the agent to output the secret verbatim (direct credential-in-command use) — an insecure pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends user-provided social-media/post URLs to the third‑party MeowLoad API (see SKILL.md "Privacy & Data Disclosure" and the "Workflow"/"Extract Media" sections), then parses returned JSON fields like text, medias[].resource_url, headers and subtitles and uses them to select/download/act on content, which exposes the agent to untrusted, user-generated third‑party content that could carry instruction-like payloads.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The prompt contains a literal API key value "376454-087dd0budxxo" presented as "API Key built-in, ready to use immediately" and used directly in example requests (x-api-key header). This is not a placeholder (e.g., YOUR_API_KEY) and appears to be a real, usable credential embedded in the docs — therefore it meets the definition of a secret (literal credential with non-trivial entropy).

Ignored items: the environment variable name MEOWLOAD_API_KEY is just a variable name (not a secret value), numeric example "availableCredits": 6666 is not a credential, and there are no obvious low-entropy setup passwords or placeholders to flag.