osint

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs scanning for and immediately documenting discovered credentials/secrets (e.g., "Document every discovered credential/secret immediately as a finding"), which requires the agent to capture and output secret values verbatim, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is a focused OSINT playbook that explicitly directs discovery and harvesting of secrets (including git-history recovery, API keys, private keys, and employee accounts) and therefore enables credential theft and unauthorized data exfiltration — high dual‑use/malicious abuse potential.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly fetches and ingests untrusted, user-generated content from public code hosting sites (e.g., GitHub/GitLab/Bitbucket) — see SKILL.md and reference/repository-recon.md which instruct cloning and scanning repos (e.g., "git clone https://github.com/ORG/REPO", GitHub API/curl searches, and trufflehog/gitleaks org scans) so third-party content can directly influence findings and follow-up actions.