security-scanner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires including "actual vulnerable code snippet as evidence" and flags hardcoded secrets/.env values, which forces the LLM to read and output secret values verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow can ingest outsider-authored free text when it clones a user-supplied GitHub repository URL (Step 1) and then reads arbitrary source/config files from that cloned repo (Step 2/3) into the LLM context for analysis and for quoting flagged code snippets.