po-once

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows running the setup command with the API key as a command-line argument (e.g., --api-key po_live_org_), which instructs embedding the secret verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls the Po Once agent API (e.g., GET /api/agent/v1/accounts, POST /api/agent/v1/keyword-search, GET /api/agent/v1/posts and analytics endpoints) which returns social-media and user-generated content (Threads/Meta/TikTok data) that the agent programmatically reads and uses to decide actions like posting, analysis, or deleting posts.