research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires a "codebase agent" to read files, configs, and return code snippets/evidence (file paths and snippets) with no guidance to avoid or redact secrets, so the LLM may extract and output API keys/passwords verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Step 3: Launch parallel research" explicitly instructs a Web agent to perform WebSearch/WebFetch of public sites (blog posts, Stack Overflow answers, GitHub issues) so the agent will ingest untrusted, user-generated third‑party content that can influence its recommendations and actions.