adversarial-review

Fail

Audited by Snyk on Mar 14, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires embedding the reviewed code/diffs into CLI invocation strings (e.g., codex exec "prompt" or claude -p "prompt"), which forces the agent to include any verbatim content from those files — including API keys or passwords — in command-line arguments and outputs, creating a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill explicitly instructs sending repository diffs, code, and principle files to external model CLIs (codex exec / claude -p), runs those CLI processes in the background (optionally with an "edit" profile to run tests), and bypasses repo checks. This behavior creates a high risk of deliberate data exfiltration of source code, secrets, or environment tokens and could enable remote execution or supply-chain abuse.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 14, 2026, 04:14 AM
  • Issues: 2