distill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill autonomously scans repo files and explicitly requires returning verbatim quotes and writing distillations (which are then logged), so any secrets present in those files would be read and emitted verbatim, creating a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill is high-risk: it autonomously scans user "brain" data, backups, git histories and cross-repos, persists distilled files into repo and explicitly logs summaries via oracle_learn — all without consent or approval and triggerable by any agent/hook — creating a clear avenue for unauthorized data exposure and credential leakage even though no obfuscated payload or remote shell is present.