wiki-link
Fail
Audited by Snyk on Mar 31, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill asks the user for git remote URLs and then runs/outputs git clone commands using that URL, so if the URL contains embedded credentials (e.g., https://user:pass@ or token-bearing URLs) the LLM would need to include those secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly performs git clone on a user-provided remote URL (see "2-B. git remote URL" and step 4: "git clone") and then reads the cloned repository's .wiki/wiki-manifest.yaml to decide whether to keep the symlink, so untrusted repository content can influence the agent's actions.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata