hackathon-judge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reading files fully and reporting evidence as specific file:line "what it shows" (including .env files and hardcoded secrets) with no instructions to redact, which can cause the model to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's PASS 2 (Demo Analysis) explicitly accepts and analyzes public video URLs ("Public video URL (YouTube, MP4, Loom, etc.)") and the resulting pass2-demo.json items are read by PASS 3 to influence scoring, so untrusted/user-generated third‑party content is fetched and directly affects the agent's decisions.