zernio

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass API keys directly on the command line and in env exports (e.g., zernio auth:set --key "sk_your-api-key", export ZERNIO_API_KEY="sk_your-api-key"), which instructs the agent to include secret values verbatim in commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The CLI explicitly retrieves and processes user-generated social content (DMs, post comments, reviews) — see the SKILL.md "Inbox (DMs, Comments, Reviews)" and "Comment-to-DM automations" sections and the implementation in src/commands/inbox.ts and src/commands/automations.ts — which an AI agent is expected to read and which can directly drive actions like replies or auto-DMs.