github-configure-package-managers

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's templates and instructions require embedding plaintext credentials and tokens (e.g., username:password in pip.conf and GOPROXY, curl -u, helm --password, and explicit token fields) into config files and commands, which would force the LLM to include secret values verbatim and thus create an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow in SKILL.md explicitly shallow-clones remote GitHub repositories ("Shallow-clone the repo into a temp directory") and then scans/reads project files (e.g., "find all Dockerfiles" and update FROM lines) so it ingests user-generated, potentially untrusted repository content which the agent must interpret to decide and perform code modifications.