monologue-notes

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask the user for a Monologue API token and even shows a non-interactive command that embeds the token verbatim (monologue onboarding --token "mono_pat_..."), which requires the LLM to receive and include secret values in output/commands.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This is a direct link to a raw .sh installer (install.sh) served from a GitHub repo of unclear trustworthiness and the skill even recommends curl ... | sh — a high-risk pattern because it executes unverified code that could perform arbitrary/malicious actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets user-generated notes and transcripts from Monologue's public API (see GET /v1/public-api/notes and GET /v1/public-api/notes/{note_id} in references/api.md), so untrusted third-party content could be read by the agent and influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup explicitly runs a remote install script at runtime via "curl -fsSL https://raw.githubusercontent.com/EveryInc/monologue-toolkit/main/install.sh | sh", which fetches and immediately executes remote code and is required to provide the CLI the skill depends on.