manage-data

Fail

Audited by Snyk on Mar 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed API keys directly in shell commands and git URLs (e.g., export ZEROEVAL_API_KEY="sk_ze_..." and git clone https://:@...), which can cause an agent to output user secrets verbatim even though some parts mention reading from env vars.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly pulls and iterates datasets from the LLM Stats/ZeroEval backend via ze.Dataset.pull (see Step 3a and references/dataset-lifecycle.md), which can retrieve public/user-generated benchmark data that the agent reads and uses in tasks, allowing untrusted third-party content to influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's Git-based workflow instructs the agent to clone from and push to git.llm-stats.com at runtime (e.g., git clone https://git.llm-stats.com//.git or https://user:@git.llm-stats.com//.git), and the platform auto-detects and runs scorers/*.py from the repository contents, so fetched repository code can be executed and directly control evaluation behavior.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 28, 2026, 11:43 PM
Issues
3