bug-triage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to cat config/session files and include "full context" in issue bodies/comments (heredocs and gh api payloads) without any redaction guidance, which can require the LLM to emit secret values verbatim (config values, tokens, cookies) into generated outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to "Read full thread" from Discord/Slack (section 2a) and to fetch GitHub issue bodies/comments and repository files via gh issue view / gh api (sections 2a, 4 and the included scripts/push_fix_to_github.py), so it ingests untrusted, user-generated third-party content and uses that content to drive triage decisions and automated actions.