do

Fail

Audited by Snyk on Apr 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding the raw {user_request} into command-line invocations and logging (e.g., python3 scripts/index-router.py --request "{user_request}" and learning-db.py record "request: {first_200_chars}"), which would force any secrets present in the user's input to be output verbatim in commands/logs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill and its references (e.g., skills/do/references/parallel-analysis.md and references/routing-tables.md) explicitly require reading "source material" and route to skills like github-profile-rules and bluesky-reader that fetch public GitHub repositories and Bluesky feeds; those are untrusted, user-generated public sources whose content is read and then used to drive edits/commits and agent actions, so third‑party content can materially influence tool use and decisions.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 30, 2026, 12:34 PM
Issues: 2