nak

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt repeatedly shows passing private keys/secrets directly on the command line (e.g., "--sec ", "--sec $(cat /path/to/key.txt)") and printing/saving private keys, which would require an LLM to embed secret values verbatim in generated commands or code, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's nak commands (e.g., nak fetch, nak req, --stream) explicitly fetch and stream events from public Nostr relays (e.g., wss://relay.example.com, relay.primal.net, eclipse.pub), which are untrusted, user-generated third-party content that the agent reads and interprets as part of its workflow.