medrxiv-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask the user for their Valyu API key and then run commands like scripts/search setup <api-key> (and shows examples embedding api_key directly in code), which requires the LLM to include secret values verbatim in generated commands/code and thus exposes them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the Valyu API to search medRxiv and explicitly returns and instructs the agent to read "full article content" (see "Full-Text Access" and the example output/results[].content in SKILL.md), thereby ingesting untrusted public preprint content that could influence downstream decisions.