proof-of-work

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill requires capturing and embedding actual command output (including environment variables and config files) as evidence, which can force the LLM to disclose secret values verbatim if they exist in the environment or files.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Validation Protocols and related modules (e.g., modules/validation-protocols.md and SKILL.md) explicitly instruct the agent to perform web searches and check public GitHub issues, community forums (Reddit, Stack Overflow), and other external docs—untrusted, user-generated sources that the agent is expected to read and that can change its recommendations—creating a clear vector for indirect prompt injection.