hackernews

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill references a local credentials file (.env.profiles.local) and includes browser actions like form_input/computer(type) that require inserting credential values verbatim into login forms, so the LLM would need to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to and reads public, user-generated Hacker News pages (e.g., news.ycombinator.com and hn.algolia.com) via Browser MCP commands like navigate/read_page/get_page_text in references/research.md and references/engage.md, and it uses that content to decide and perform engagement actions (research, draft, and post), so untrusted third-party content can materially influence behavior.