openkakao-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains examples and instructions that embed secrets verbatim in CLI flags and headers (e.g., --webhook-signing-secret 'super-secret', --webhook-header 'Authorization: Bearer token') and describes extracting tokens from local files, which encourages the agent to output or propagate secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-generated KakaoTalk chat content (e.g., via "openkakao-rs loco-read" and "openkakao-rs watch" in the LOCO/Watch workflows) and can forward/act on those messages via --hook-cmd/--webhook-url and unattended send flags, so untrusted third-party message content can influence agent actions.