review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires the reviewer to point to exact file lines and flag "hardcoded secrets" in diffs, which will likely cause the model to reproduce secret values verbatim when quoting problematic lines—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill is a generic code-review workflow that operates on a “full diff” and PR context, which at runtime would typically include outsider-authored PR/issue text (e.g., PR description/commit messages and diff content) ingested into the agent’s LLM context via the review target.