critical
suspicious.exposed_secret_literal
- Location
- references/voice.md:42
- Finding
- File appears to expose a hardcoded API secret or token.
Bengii Gemini Fix
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions, suspicious.secret_argv_exposure
Findings (3)
warn
suspicious.prompt_injection_instructions
- Location
- references/memory.md:58
- Finding
- Prompt-injection style instruction pattern detected.
critical
suspicious.secret_argv_exposure
- Location
- references/gateway_ops.md:84
- Finding
- Instructions pass high-value credentials through process argv.