github-discussion-to-devrel-content

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires extracting and outputting verbatim community quotes and discussion text from a JSON file (as evidence/representative quotes), so if those threads contain API keys, tokens, or passwords the LLM would be forced to include secrets verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's fetch_discussions.py explicitly pulls public, user-generated GitHub Discussions via the GitHub GraphQL API and SKILL.md (and references/output-format.md) require the agent to read discussions_raw.json and use verbatim community quotes and source URLs to drive clustering, scoring, and actionable doc/content outputs, so untrusted third‑party content is ingested and can influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The included script fetch_discussions.py makes runtime calls to the GitHub GraphQL endpoint (https://api.github.com/graphql) to retrieve discussions that are written to discussions_raw.json and then injected into the agent's analysis/context, so external content from that URL directly controls the agent's prompts/output.