ops-comms

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly accepts and may ask the user to "Paste webhook URL now" and shows invocation forms that embed full webhook URLs or tokens (e.g., passing a full Discord webhook URL or token as a command argument), so the agent can be required to include secret values verbatim in generated commands/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content (e.g., WhatsApp via wacli messages list --chat, Gmail threads via gog gmail thread get, Slack channel search, Discord/Telegram channel reads, and Notion page/comment fetches) and then summarizes/acts on that content to draft/send replies or post comments, which could allow untrusted third-party text to influence agent behavior.