ara-compiler

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires reading and faithfully transcribing source files (including prioritized "environment files" and exact values into configs/evidence/environment.md) and mandates exact/raw transcription, so any secrets present in inputs would be included verbatim in generated outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly accepts and fetches open third‑party inputs (e.g., "Possible inputs include PDF papers, arXiv links, GitHub repositories" and "When arguments are provided (...) URLs → fetch or clone them" in SKILL.md) and requires the agent to read and act on that untrusted content to generate ARA files and drive validation/code-generation, so such content could materially influence agent actions and enable indirect prompt injection.