configure

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The wizard explicitly asks for a webhook endpoint (and references an API key for Tavily) and then inserts that webhook URL directly into generated shell commands and saved config entries, which forces the LLM to echo secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's configuration (SKILL.md Step 5 "Configure MCPs" and references/mcp-config.md) explicitly enables the Tavily and other cloud MCPs (tavily_search / tavily_extract / tavily_crawl) which fetch and extract arbitrary public web pages used by agents like web-research-analyst and market-intelligence, meaning untrusted third‑party content is ingested and can influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill documents a runtime remote MCP endpoint for Tavily (e.g., https://mcp.tavily.com/mcp/?tavilyApiKey=YOUR_KEY) which, when enabled at runtime, returns extracted web/markdown content that is injected into agent context (directly influencing prompts) and is used as a primary research tool by agents like web-research-analyst.