adaptive-guard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The LLM judge (K3) is explicitly instructed to "quote" evidence from suspicious messages and return it in its JSON output (and logs/notifications may include message contents), which would require reproducing any secrets present verbatim and thus enables exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes untrusted external content (files, URLs, API responses) as part of its required workflow — e.g., SKILL.md and references/static-rules.md state "Scan content originating from external sources (files, URLs, API responses)" and references/learning-examples.md includes a user-uploaded .txt and "URL poisoning" that K2/K3 will read and use to block, pass, or synthesize new rules.