codeck-outline

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to scan and extract content from local project files (including code, JSON/YAML/CSV) and to copy snippets/assets into outline.md and an asset manifest without excluding or redacting config/.env secrets, so it may read and emit API keys or passwords verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Research to fill gaps" section explicitly instructs the agent to "search the web" and "find" public sources and "Integrate findings naturally into the outline" (citing sources), meaning the agent will fetch and interpret open, untrusted third‑party web content as part of its workflow—exposing it to potential indirect prompt injection.