patents-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for their Valyu API key and then run a command embedding that key verbatim (scripts/search setup ), which requires the LLM to handle and output secret values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill queries the Valyu API (https://api.valyu.ai/v1/search) to fetch full-text patents and returns content and URLs (e.g., patents.google.com) from public, third-party patent repositories that the agent is expected to read and interpret as part of its workflow.