content-driven-development

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs invoking a da-auth step to obtain a DA_TOKEN and then to call the DA Admin API (which implies embedding that token in API requests), meaning the agent would need to handle and likely include a secret token in generated requests—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs fetching and validating user-provided or public preview URLs (Step 4 Option A and Option C: "User Provided Test URL(s)" and "Invoke find-test-content"), and even pushing/fetching content via DA Admin APIs (da-auth), so the agent will ingest and interpret untrusted/third-party page content as part of its workflow which can materially influence implementation and subsequent tool actions.