mono-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit PAT example and instructs passing tokens via a --pat/--token CLI flag (direct command-line arguments), which requires the agent to handle or emit secret values verbatim and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to run mono CLI commands (e.g., "mono articles list", "mono articles get", "mono questions list/get") against the public mono platform (mono.style / mono API), which returns untrusted, user-generated articles and Q&A that the agent is expected to read and that can materially influence subsequent actions.