Fail
Audited by Snyk on Mar 30, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes explicit examples and commands that place secret values verbatim on the command line (e.g., orbit ... secret set ... "secret-value" and "ghp_xxxxx"), so an LLM producing those commands or echoing user-provided tokens would need to handle secrets directly.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Although GitHub and api.github.com are legitimate services, these links point to a third-party GitHub account and a raw install.sh plus a third-party Scoop bucket, actions that instruct downloading and executing code from an unverified source, which is a high-risk pattern for malware distribution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and reads user-generated content from public GitHub (e.g., PR details and comments via "orbit -p myprofile gh pr view" and "gh pr comments", issue bodies via "gh issue view/list", workflow run logs via "gh run view/watch") as part of its workflows, so untrusted third-party content could influence actions like approvals, merges, or reruns.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).