zonasul-groceries

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows embedding sensitive values (e.g., credit card CVV as --cvv XXX) in command-line examples and references a JWT token env var, which encourages the agent to include secrets verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The CLI explicitly fetches and consumes content from the public Zona Sul website (see SKILL.md search/checkout commands and SETUP.md instructions to open https://www.zonasul.com.br and copy cookies/orderFormId), and those live product/search/delivery/checkout responses are read and used to choose items, windows, and perform checkout actions—exposing the agent to untrusted third-party content that could carry indirect instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes commands to place orders and perform credit-card checkouts (e.g., ./zonasul checkout --window 0 --cvv XXX --confirm) and exposes a CVV env var (ZONASUL_CVV). It directly executes payment/checkout operations and reports payment statuses ("Pagamento Aprovado"), so it is specifically designed to move money/charge cards rather than being a generic tool.