github-actions
Fail
Audited by Snyk on May 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example of a GitHub token literal passed verbatim in a CLI command ("act -s GITHUB_TOKEN=ghp_xxx") and tells the agent to execute real API calls/tests, which encourages embedding or echoing secrets directly in commands or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's instructions explicitly require reading repository files and making GitHub API calls (see the @actions/github examples and the "Anti-Fabrication Requirements" lines like "Execute Read or Glob tools to verify action files exist" and "Execute actual API calls with @actions/github before documenting responses"), which pulls public, user-generated content from GitHub/Marketplace that the agent is expected to interpret and that could materially influence its actions.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).