readx

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user for their readx API key and instructs building URLs/commands that embed the API key (e.g., https://readx.cc/mcp?apikey=<API_KEY> and direct curl usage), which requires the LLM to handle and output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly directs the agent to fetch and analyze Twitter/X content via the readx API (e.g., search_tweets, MCP URL https://readx.cc/mcp?apikey=... and curl https://readx.cc/api-docs.txt), meaning the agent will ingest public, user-generated tweets and posts that could contain untrusted instructions influencing its decisions or actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch runtime instructions from https://readx.cc/api-docs.txt (and to use the remote MCP endpoint https://readx.cc/mcp?apikey=<API_KEY>), which supply endpoint names and response JSON paths that directly control how the agent constructs and parses requests, so this is a required external runtime dependency that controls agent behavior.