temp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to "hardcode a value" and to "Always include what the original value was when replacing a value (was: ...)", which would force the LLM to echo any secret/API key/password present in the codebase verbatim, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs making reversible code changes that include disabling authentication/guards, forcing conditions, and surgically reverting edits — behaviors that can be easily repurposed as backdoors or to gain unauthorized access, so it presents a high risk despite not containing direct data-exfiltration or obfuscated payloads.