red-team-bundler

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to collect and bundle source files (including auth directories) and write their contents verbatim into a payload for an external reviewer, so any secrets embedded in those files would be output directly and could be exfiltrated.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly enables and automates offensive "red team" workflows — it crafts attack-oriented prompts (telling a receiving AI "how to attack"), forces those instructions to be read first (prompt-injection), and packages arbitrary project or absolute-path files into a bundle for external LLMs or human reviewers, which deliberately facilitates targeted attacks and potential data exfiltration (including secrets) even though the scripts themselves do not perform network exfiltration.