eve-cli-primitives

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that pass secret values directly on the command line (e.g., eve secrets set API_KEY "value" and --token xoxb-test), which requires the agent to handle and emit secrets verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents Slack gateway and Nostr command flows (e.g., "Slack gateway commands (run inside Slack): @eve " and "Nostr commands (via DM to platform pubkey)"), meaning the agent ingests user-generated messages from third‑party/social platforms that can direct agent actions.