rails-upgrade

Fail

Audited by Snyk on May 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill requires including "user's actual code" and replacing placeholders with actual values in reports and config diffs (and reads config files like secrets.yml/Gemfile.lock), which would cause any secrets present in those files to be output verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to query public third‑party services at runtime — e.g., the mandatory Step 0 / references/multi-hop-strategy.md uses the RubyGems API (rubygems.org) to resolve latest patch versions and Step 4.5 / workflows/gem-compatibility-workflow.md references using the railsbump.org API and external bundle_report checks — these are untrusted public sources whose responses the agent is expected to read and which directly influence upgrade decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to query the RubyGems API (curl -s https://rubygems.org/api/v1/versions/rails.json ...) to resolve the latest patch version and drive upgrade decisions, so this external URL is fetched during runtime, its content directly controls the agent's instructions/flow, and the skill treats it as a required runtime dependency.

Audit Metadata

Risk Level: HIGH
Analyzed: May 12, 2026, 10:26 AM
Issues: 3