slax-reader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly supports a non-interactive login path using reader-cli login --api-key <key> and instructs the agent to ask the user for an API key if they choose that path, which creates a direct route for the LLM to receive and potentially emit secret values verbatim (even though the prompt also warns not to print keys).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use reader-cli commands like reader-cli get <bookmark-id> --markdown to fetch, open, inspect, summarize, and further process bookmarked webpages (arbitrary user-provided/public URLs), so the agent will ingest and act on untrusted third-party content from the open web.