gram

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The CLI explicitly accepts and documents passing sensitive cookies via flags (e.g., --session-id, --csrf-token, --ds-user-id), which encourages embedding secret values directly in generated commands/outputs, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md shows it fetches and displays user-generated Instagram content (e.g., "gram post", "gram comments", "gram feed", "gram explore") from the public web and also provides engagement commands, meaning untrusted third-party content is read and can influence subsequent actions.