repo-value-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.95). The pipeline mandates reading EVERY file (including configs/.env or other secrets) and producing file-level summaries and evidence with no redaction or secret-handling rules, so agents will likely output secret values verbatim, creating high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones arbitrary external GitHub repositories in Phase 1 ("git clone --depth 1 /tmp/<REPO_NAME>") and then requires Phase 2 DEEP-READ agents to "Read EVERY file" from those public, user-generated repos, so untrusted third-party content is ingested and can directly influence recommendations and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a runtime clone of an arbitrary repository via "git clone --depth 1 " (e.g., https://github.com/org/repo) and then instructs agents to read every file—including prompts/agents/personas—thereby injecting remote repository content into agent context and directly influencing agent prompts/behavior.