cross-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reconstructing diffs/read files and then relaying the subagent's review output verbatim (first and unmodified), so any API keys/passwords or secrets present in the changes or review will be read and emitted unchanged, enabling exfiltration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill's workflow — reconstructing diffs and reading file contents in secret, spawning a user-specified subagent, and mandating verbatim relay of that subagent's output — creates a straightforward channel for exfiltrating sensitive data or leaking secrets and can be deliberately abused to bypass filters.