drugbank-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for their Valyu API key and then run a command that embeds that key as a command-line argument (scripts/search setup ), which requires the LLM to handle and output the secret verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill performs runtime searches against Valyu's API (/search, e.g., includedSources "valyu/valyu-drugbank") and returns third-party web content (results[].url and results[].content, e.g., https://drugbank.com/ pages) that the agent is expected to read and use to drive its responses, so external content could materially influence behavior.