session-logs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract and print raw message text from session JSONL files (e.g., using jq to output .text or rg to list files), which will verbatim expose any API keys, tokens, or passwords present in past conversations.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and analyzes conversation transcripts stored at ~/.otto/agents//sessions/*.jsonl (with sessions.json mapping to chat providers like discord/whatsapp), meaning it ingests untrusted, user-generated third-party messages and uses them to drive searches and responses, which could enable indirect prompt injection.