cosense

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt shows and encourages passing the connect.sid directly on the command line (e.g., --sid <sid>), which would require the agent to embed secret values verbatim in generated commands/outputs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to fetch and read user-generated Cosense/Scrapbox pages via commands like "bunx cosense page get", "page search", and "bunx cosense export" (and notes "Public projects can be accessed without SID"), so the agent will ingest untrusted public third-party content that can influence subsequent actions (e.g., appends/creates), enabling indirect prompt injection.