primitive-chat

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires collecting and embedding sensitive values (email verification codes, signup-tokens, and OAuth tokens) verbatim into CLI commands and agent output, forcing the LLM to handle secrets directly and risking exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The runtime workflow can send arbitrary free-form <message> content to an outsider email inbox (vendor/agent address discovered from external docs/llms.txt), and the threaded reply body is then ingested back into the agent context via primitive chat ....