review-code

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires grepping repo files and extracting exact code snippets and diffs with file:line references as evidence, which would force the agent to output any hard-coded API keys, tokens, or passwords found in the code verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to fetch and read PRs/commits (e.g., "gh pr view <pr_number> --json files", "gh pr diff", "git show") and Phase 3 agents grep/read those files to drive findings, so the skill ingests user-generated third‑party PR/commit content and uses it to determine actions, enabling indirect prompt injection.