memory-persistence

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's entity-extraction prompt and memory save/reload flow cause conversation "content" to be emitted verbatim into JSON and later injected into agent context, so any secrets present in user conversation (API keys, tokens, passwords) would be output and persisted directly, enabling exfiltration.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The GitHub repository looks like normal code hosting (lower risk), but the domain googleadsagent.ai is a non-official, potentially typosquatting/impersonating domain that could host or link to untrusted downloads, so the combined sources are moderately to highly suspicious.