add-signal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes explicit commands that require pasting a CAPTCHA token and verification code (and adding account values) verbatim into CLI commands and .env entries, so an agent following it would need to handle secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly ingests arbitrary, untrusted Signal messages from external users (see SKILL.md "Wiring" / "Verify Signal" — e.g., "After the service starts, send any message to the Signal number... Pass the id to /init-first-agent or /manage-channels to wire it to an agent group"), which are delivered to agents and can materially influence their behavior.