researching-codebase

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires reading files "FULLY" and synthesizing/including code references and file contents (file:line snippets) in generated research documents, so if those files contain API keys, tokens, or passwords the LLM would likely output them verbatim and exfiltrate secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly allows running a "web-search-researcher" in the Research Phase ("For web research (only if user explicitly asks) ... IF you use web-research agents, instruct them to return LINKS with their findings, and INCLUDE those links in your final report"), which means the agent can fetch and incorporate untrusted public web content that could contain executable instructions influencing its analysis and actions.