pubnub-chat

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows API keys/authKey as string literals in the initialization example and requires the LLM to include SDK initialization with keys in outputs, which encourages embedding secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples explicitly connect to and fetch messages and history from channels (e.g., channel.connect, channel.getHistory, createPublicConversation and message.files in references/chat-features.md and chat-patterns.md), which ingests untrusted, user-generated content from public channels that the agent would read/interpret.