configure-notifications

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks users to paste tokens, webhook URLs, and IDs and contains scripts and UI summaries that echo and embed those secret values verbatim (e.g., printing/writing them and using them in curl commands or config/env lines), creating a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). SKILL.md includes explicit runtime steps that call third-party APIs (e.g., curl "https://api.telegram.org/bot${BOT_TOKEN}/getUpdates" to fetch Telegram messages and parsing responses from Telegram/Discord/Slack webhooks) — these are untrusted, user-generated API responses that the workflow parses to extract chat/channel IDs and error descriptions and thus can influence configuration and subsequent actions.