research
Fail
Audited by Snyk on Mar 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt mandates reading files "FULLY" and documenting code and usage "as-is" (including examples and file contents from thoughts/), so any secrets present in those files would be reproduced verbatim in the agent's output, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to use a "web-search-researcher" agent to fetch and include links from external documentation/resources ("For web research (only if user explicitly asks)" in SKILL.md), which clearly allows ingesting open/public third‑party content that the agent will read and use in its research workflow.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata