acceptance-check

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly extracts and reprints the exact checklist lines from an issue's "受け入れ条件" and includes them verbatim in its report, so if those lines contain API keys/tokens/passwords the LLM will output them (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required execution step (gh issue view --json body) fetches GitHub issue bodies (user-generated, potentially public content) and the agent parses the ## 受け入れ条件 section to produce ✓/✗/? decisions, so untrusted third-party text can materially influence its checks.