pikastream-video-meeting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's join/leave commands include fields that require embedding secret values verbatim (e.g., --meeting-password and --session-id, and potentially a voice ID read from files), meaning the LLM may need to output or relay sensitive credentials on the command line.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's join flow (SKILL.md "Join Flow") and the script scripts/pikastreaming_videomeeting.py (cmd_join) send a user-provided --meet-url to the PikaStreaming API to connect to live Google Meet/Zoom calls, meaning the agent will ingest and act on untrusted, user-generated meeting audio/video from third-party participants.