zernio-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's curl examples explicitly include an Authorization: Bearer YOUR_API_KEY header, which encourages embedding API keys directly into generated commands or code and thus requires the LLM to handle secret values verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's rules/tools.md explicitly exposes endpoints such as /v1/tools/instagram/download, /v1/tools/tiktok/download, /v1/tools/twitter/download and /v1/tools/youtube/transcript that let the agent fetch arbitrary public social-media content and transcripts (user-generated, untrusted) which the agent is expected to read/use and could materially influence subsequent actions.