html-canvas

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to ingest and render real source content (files, git diffs, browser/MCP context) and to "render the actual diff" and provide copy/export buttons, which can require including API keys, tokens, or passwords verbatim from those sources and gives no guidance to redact them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly ingests external content ("sources" can include URLs, and step 6: "Read files, fetch URLs (WebFetch), run MCP queries, and inspect browser context as specified") so the agent will fetch and read arbitrary third‑party web content and use it to drive generation and actions, enabling indirect prompt injection.