audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reading artifact and evidence files and explicitly instructs the agent to quote "the problematic passage" verbatim in findings, which would force any embedded secrets (API keys, tokens, passwords) to be included in the LLM's output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md's Phase 5 factual verification tracks (T3/T4/T5) explicitly instruct the agent to perform web search and load the /research skill to fetch and interpret public third‑party web pages and docs, which the agent uses to make factual determinations that materially affect its findings.