memos-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Insecure: the skill explicitly asks for and demonstrates embedding an access_token (e.g., "abc123") into config.json and shows constructing Authorization headers with that token, which requires the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch and read user-generated content from a configured memos instance (the instance_url in config.json) using endpoints like GET /api/v1/memos and GET /api/v1/memos/{memo} (including comments/attachments), so untrusted third‑party memos could contain instructions that materially influence subsequent actions such as searches, PATCH updates, or deletes.