open-targets-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for their Valyu API key and then run a setup command embedding that key as a command-line argument (scripts/search setup ), which requires the LLM to handle and output the secret verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill issues searches via the Valyu API (https://api.valyu.ai/v1/search) and returns full-text "content" and external "url"/image links (e.g., platform.opentargets.org and other public sites), so the agent will ingest and interpret public third‑party content as part of its workflow.