research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read files fully and produce copy-pasteable code snippets, file:line references, and reusable snippets from the codebase—so any hardcoded API keys, tokens, or passwords present in those files would be ingested and likely emitted verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The required "web-researcher" agent in Step 6 explicitly fetches external "official_docs", "best_practices", and returns URLs (populated into the section and used in synthesis/recommendations), so the skill ingests and acts on public third‑party web content that could carry untrusted instructions.