review-ai-writing
Fail
Audited by Snyk on May 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read repository files, commit messages, and PR bodies and to write the found "original_text" verbatim into a JSON report and summary with no redaction, so any API keys or secrets present in those artifacts would be exposed in the output.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly reads user-generated GitHub PR bodies via "gh pr view --json body" and commit messages from git log as part of the Git Agent workflow (SKILL.md steps for the Git Agent), which ingests untrusted third-party content and uses it to produce findings and drive follow-up actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata