gitcode-merge-flow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It asks for/reads GITCODE_ACCESS_TOKEN and explicitly instructs embedding the token verbatim in URLs (e.g., https://oauth2:@gitcode.com/...), which requires the agent to handle and output the secret directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and interprets public, user-generated PR comments and PR details via the GitCode API (see SKILL.md steps 7–8 and scripts/get_pr_comments.py / scripts/get_pr_details.py and references/api.md) and uses that content to decide hanging/resuming/merging actions, so untrusted comments could materially influence agent behavior.