align-mental-model

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires quoting file/line evidence in codebase mode (and to read relevant code) so if those files contain API keys, tokens, or passwords the agent would be expected to reproduce them verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's Learning mode explicitly requires a source (docs URL, paper, repo) or will perform a "web search with citation," and Planning mode verifies "verifiable-now" via web, so the agent ingests and acts on open/public third-party web content that could contain untrusted, user-generated instructions.