session-share
Fail
Audited by Snyk on Mar 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill exports the full conversation (including tool calls and files). Although it redacts keys by default, it explicitly provides a --no-sanitize option and can include "thinking" blocks, meaning the agent could be instructed to output secret values verbatim from the session.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary exported session files shared via Slack/email/AirDrop (SKILL.md). The import.sh script reads the .json export's "messages" and loads them into a resumed Claude session (scripts/import.sh uses jq '.messages[]' and sets the session to resume), so untrusted user-generated content can directly influence the agent's next actions.
Audit Metadata