ln-641-pattern-analyzer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill mandates reading code files and documenting evidence (file path + line and code references) in generated reports, which can force the model to reproduce any secrets present in those lines verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts/uses "bestPractices" from MCP Ref/Context7/WebSearch and its workflow MANDATORY READs (references/research_tool_fallback.md and the evaluation_research_contract) instruct the agent to run WebSearch/WebFetch as part of the research fallback chain, so the agent will ingest public web/search results and let that untrusted third‑party content influence scoring and findings.