workos-api-organization
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes a literal API key ("sk_live_1234567890abcdef") and shows it inline in Authorization headers and an export command, which requires the agent to handle the secret value and could cause it to output that value verbatim.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to "WebFetch the relevant docs" and relies on the content of https://workos.com/docs/reference/organization (and related https://workos.com/docs/reference/organization/* pages) to determine implementation details, meaning fetched external documentation would directly control the agent's prompts/instructions.