pachca-messages

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires using an Authorization: Bearer <ACCESS_TOKEN> header and tells the agent to ask the user for the token if unknown, with curl examples that include the token in requests, so the agent would need to receive and embed secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes user-generated chat content and attachments (e.g., "Получить историю сообщений чата" — GET /messages, "При анализе любого сообщения ... всегда проверяй вложения через GET /messages/{id}" and files[].url direct downloads), and those messages/webhook payloads are read and used to decide replies and actions, exposing the agent to untrusted third-party content.