kimaki-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs npx kimaki commands and directly parses their outputs (e.g., PROJECTS_JSON from npx -y kimaki project list --json, SEND_OUTPUT from npx -y kimaki send, and DB info from npx -y kimaki sqlitedb) which ingest user-generated/session/Discord content and then use those results to extract IDs/paths and drive actions (inserting DB rows, choosing thread IDs), exposing the agent to untrusted third‑party content that can influence behavior.