agent-orchestration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the orchestrator to "include upstream output verbatim in agent send" and to relay agent conversation content (via agent detail and agent send), which would force the LLM to reproduce any API keys, tokens, or passwords present in those outputs verbatim, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). This skill instructs running "npx ai-devkit@latest ..." (e.g., npx ai-devkit@latest agent <command>), which fetches and executes remote npm package code at runtime and is used as the required CLI for controlling agents, so it represents a runtime external dependency capable of executing remote code.