biorxiv-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask the user for their Valyu API key and then run a shell command embedding that key verbatim (e.g., scripts/search setup <api-key> / example shows val_abc123...), requiring the LLM to handle and output the secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and output examples show it queries the Valyu API (https://api.valyu.ai/v1) / bioRxiv corpus and returns full article text and URLs ('.results[].content' and 'url' from bioRxiv), meaning the agent ingests open/public third‑party preprints that could contain untrusted, instruction-like content.