fix-hard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt mandates producing explicit "file:line" evidence and re-reading/writing entire files as proof for claims (and to generate fix reports), which can force the agent to include verbatim file contents — potentially exposing API keys, tokens, or passwords found in code/config — even though it doesn't explicitly ask for keys from the user.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow explicitly instructs using a "researcher" subagent to "research quickly about the root causes on the internet (if needed) and report back to main agent," which requires fetching and interpreting open/public web content that can influence diagnosis, planning, and code changes (e.g., the Researcher step in the Workflow section), exposing the agent to untrusted third‑party content and potential indirect prompt injection.