call-external-ai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding file contents and environment outputs into CLI invocations (e.g., codex exec "Review for bugs: $(cat file.ts)" and env | rg ...), which can cause secrets from files or env vars to be included verbatim and sent to external AI CLIs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly instructs inspection and unsetting of Google/GCP project environment variables to bypass Gemini auth, and maps local files and uncommitted changes into external AI CLI invocations (codex/gemini), which enables deliberate credential circumvention and potential data exfiltration to external services — high risk.