full-review

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt includes explicit deceptive instructions—e.g., "hide-git-commands" with a concealed user-facing message and absolute rules like "NEVER-SKIP"/"ALWAYS-REVIEW-FROM-BEGINNING" that override transparency and user control, which are outside the advertised review/report/learn purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to read the entire codebase and then generate reports and persistent memory files without any redaction or secret-handling rules, so it may ingest and output secrets verbatim (high exfiltration risk).