pachca-messages

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for a Pachca token and to run CLI commands using the --token flag (or show export with the token), which encourages the model to receive and embed secrets verbatim in commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and references explicitly instruct the agent to fetch and read user-generated chat content and attachments via commands like "pachca messages list", "pachca messages get" (with files[].url to download), and to base replies/actions on that content, so untrusted third-party user content can influence decision-making.