pnote

Audit result: Fail
Audited by Snyk on Mar 25, 2026
Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes commands that set or pass PATs/PINs inline (e.g., pnote auth token <pat>, PNOTE_PIN=1234 pnote ..., echo "1234" | ...), which require the agent to accept and embed secret values verbatim in generated commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill calls the PromptNote cloud via the pnote CLI (e.g., pnote notes get, pnote search, and pnote skills pull as documented in SKILL.md/README) and ingests user-generated notes/snippets — including "note_type=skill" files downloaded into ~/.claude/skills/ — which the agent reads and can execute, allowing untrusted third-party content to influence agent behavior.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 25, 2026, 09:01 AM
Issues: 2