styleguide

Fail

Audited by Snyk on Mar 29, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding the output of gh auth token into a plaintext git-credentials URL (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com"), which requires retrieving and writing a secret token in cleartext and thus forces handling/exposure of credentials.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill contains an explicit, intentional credential-handling command that retrieves a GitHub CLI auth token and writes it into a plaintext ~/.git-credentials file (then uses it to push), which is a deliberate credential-exfiltration/persistence pattern and therefore high-risk malicious behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md Phase 1 research steps explicitly instruct sonnet subagents to "Research the aesthetic movement" and "Search Google Fonts" (public web sources), so the agents will fetch and interpret untrusted third-party content that can influence design and build decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to modify project files, change global git configuration, write persistent credentials to ~/.git-credentials using an auth token, and push to remote — actions that alter machine state and can exfiltrate secrets.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 29, 2026, 02:15 AM
Issues: 4