code-security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to collect scanner outputs and include "Evidence" (code snippets or scanner output) in the consolidated report and chat preview, which can require embedding secrets found in the repo verbatim (e.g., API keys, tokens) without any redaction instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches public release data and binaries from third‑party sites (e.g., the Phase 2 step that offers to look up the latest version via curl to the GitHub Releases API in SKILL.md and the Dockerfile templates in references/dockerfile-templates.md that curl GitHub release tarballs), and those fetched values (version tags/checksums/binaries) are parsed and incorporated into generated Dockerfiles/scan containers, so untrusted external content can materially influence tool selection and runtime behavior.