critical
suspicious.exposed_secret_literal
- Location
- skills/rune-ext-ecommerce.md:463
- Finding
- File appears to expose a hardcoded API secret or token.
Rune
AdvisoryAudited by Static analysis on May 17, 2026.
Overview
Detected: suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions
Findings (6)
critical
suspicious.exposed_secret_literal
- Location
- skills/rune-ext-zalo.md:1060
- Finding
- File appears to expose a hardcoded API secret or token.
warn
suspicious.prompt_injection_instructions
- Location
- skills/rune-browser-pilot.md:153
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- skills/rune-ext-ai-ml.md:807
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- skills/rune-ext-chrome-ext.md:448
- Finding
- Prompt-injection style instruction pattern detected.
warn
suspicious.prompt_injection_instructions
- Location
- skills/rune-ext-zalo.md:431
- Finding
- Prompt-injection style instruction pattern detected.