patents-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for their Valyu API key and then run a command embedding that key verbatim (scripts/search setup ), which requires the LLM to handle and output secret values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls the Valyu search API and returns full-text patent content and external URLs (see SKILL.md "API Endpoint", "Output Format", and processing examples that extract '.results[].content' and '.results[].url'), so the agent will ingest public third-party patent webpages/content that could contain instructions influencing its subsequent analysis or actions.