Central hub for skill registry, FAQ, tips, and bug reporting
14
Does it follow best practices? 18%
Impact: — (No eval scenarios have been run)
Risky: Do not use without reviewing
Security
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
Detected sensitive credentials directly embedded within the skill content, such as API keys, access tokens, private keys, or service-specific secrets. Secrets should never be hardcoded in plain text within skill instructions.
Secret detected (high risk: 1.00). The file config.json contains a full Slack incoming-webhook URL: https://hooks.slack.com/services/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 (also shown in the provided <potential_matches>). This is a high-entropy, literal credential that allows posting to the Slack channel and is not a placeholder or redacted value. It meets the definition of a secret and should be treated as an active credential (rotate/remove from source and move to a secrets store).
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.85). Outsider-authored free text is ingested into the agent’s LLM context via `scripts/registry.py` and `scripts/faq.py` reading arbitrary `SKILL.md`/`tile.json`/FAQ `.md` files from the shared G Drive skill/FAQ directories at runtime, then printing their contents (including descriptions/tip bodies) into the conversation.