An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes.
This has been fixed with the following commits: https://github.com/badkeys/badkeys/commit/de631f69f040974bb5fb442cdab9a1d904c64087 https://github.com/badkeys/badkeys/commit/635a2f3b1b50a895d8b09ec8629efc06189f349a
All users should upgrade badkeys to version 0.0.16.
https://github.com/badkeys/badkeys/issues/40