skill-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The auditor prompt requires producing verdicts "with evidence" and explicitly looks for hardcoded API keys, tokens, and credential files without instructing redaction, so an LLM performing the audit may need to reproduce secret values verbatim in its report.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The presence of an HTTP raw IP address (185.143.x.x) is a high-risk indicator for direct malicious payload hosting, and while the GitHub repo URL is lower risk in general, an unknown/unverified account can still distribute malicious releases — together these sources are suspicious for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and processes "file / paste / URL" inputs (SKILL.md one-liner) and Step 1 instructs the auditor to "Read the agent's configuration file (SKILL.md, prompt file, or equivalent)", so it will fetch and interpret arbitrary third-party web content/URLs which can materially influence audit decisions.