research-powerpack-guide
Fail
Audited by Snyk on Mar 3, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs tools and the agent to extract and return exact quotes, code, and "config values" (and to scrape "auth" fields), which would require the LLM to handle and potentially output secret credential values verbatim, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to fetch and scrape open web pages and user-generated content (web_search -> scrape_links, search_reddit, get_reddit_post) and to read and interpret those sources as part of required workflows (see "The Five Tools" and the Pattern A/B/C workflows in SKILL.md), which exposes the agent to untrusted third-party content such as public websites and Reddit threads.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). This skill explicitly requires the external Research Powerpack MCP server (https://github.com/cyberchitta/research-powerpack-mcp) to be connected at runtime, and that server's tools (web_search -> scrape_links, get_reddit_post, etc.) fetch and inject remote page content into the agent's context, meaning external URLs fetched via the MCP server can directly control prompts and agent behavior.
Audit Metadata