session-logs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Insecure: the skill explicitly reads and prints raw session JSONL messages (via jq/rg), which will verbatim expose any API keys, tokens, cookies, or passwords present in past messages and thus enables secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill reads and analyzes local session logs stored under ~/.thinkfleetbot/agents//sessions/, and the SKILL.md explicitly notes the sessions index maps chat providers (discord, whatsapp, etc.), so it ingests user-generated third‑party messages (untrusted content) as part of its workflow which can influence agent decisions.