release

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs retrieving secrets (password, OTP, NPM token) from 1Password and embedding them verbatim into commands/arguments and environment variables (e.g., --otp=, echo "$PASSWORD" |, NPM_CONFIG_TOKEN=), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The workflow ingests outsider-authored free text from GitHub PR content at runtime via gh pr view <number> --json title,author,number,url, where PR titles/authors/URLs are authored by external contributors and are then placed into the generated markdown/changelog that is fed back into the agent’s LLM context.