Nia

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This prompt includes examples that pass API keys, OAuth tokens, and passwords as literal command-line arguments or echoed strings (e.g., slack.sh register-token xoxb-your-token, auth.sh login-key <email> <password>, echo "your-api-key-here" > ~/.config/nia/api_key), which would require the LLM to include secrets verbatim in generated commands or code and thus presents a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and accompanying scripts explicitly show the agent indexing and reading arbitrary external content (e.g., sources.sh index "https://docs.example.com", search.sh web/deep, github.sh/tracer.sh live GitHub search, slack.sh messages, google-drive.sh browse/index), meaning the agent ingests untrusted public or user-generated content which is then used to generate AI responses and drive autonomous research/actions (oracle/tracer), creating a clear avenue for indirect prompt injection.