memento-flashcards

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill repeatedly instructs the agent to embed user-provided text (questions, answers, --user-answer values, and JSON for quizzes) verbatim into shell command arguments and visible feedback, so any secret the user supplies would be output/emailed through the agent (direct exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's YouTube quiz flow explicitly fetches transcripts from public YouTube videos (see "YouTube Quiz Generation" in SKILL.md and scripts/youtube_quiz.py fetch VIDEO_ID), which are untrusted, user-provided third-party content that the agent ingests and uses to generate quiz questions and cards, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches YouTube transcripts at runtime (e.g., https://www.youtube.com/watch?v=VIDEO_ID and https://youtu.be/VIDEO_ID via youtube_transcript_api) and injects that transcript into the agent’s LLM context to generate quiz questions, so external content can directly control prompts for the YouTube-quiz feature.