codeprobe

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The orchestrator explicitly pre-loads and supplies full source file contents to sub-skills and requires "evidence" that quotes relevant lines and copy-pasteable fix prompts, which would force the model to include any literal secrets found in files (API keys, tokens, passwords) verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly pre-loads and "Read[s] all source files at the target path" and then includes those file contents in sub-skill prompts ("Pre-loaded source files" formatted and passed to each sub-skill) (Section 4: Pre-Loading Phase and Invocation Protocol), so arbitrary/untrusted user-generated code is ingested and can directly influence agent decisions and tool use.