self-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill documents sensitive config keys (e.g., tts.apiKey) and instructs using commands like alma config set <path> <value>, which implies the agent will embed API keys/secret values verbatim in CLI commands if asked to set them, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and persists user-provided "Per-Group Rules" (from group chats) into files like ~/.config/alma/groups/.rules.md and "Rules are automatically injected into your system prompt" (SKILL.md Per-Group Rules), meaning untrusted group/user-generated content is read and can directly influence the agent's behavior.