arch-council

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs extracting "auth patterns" from repos and writing the resulting context and agent prompts/artifacts to disk without any redaction guidance, so secret values (hard-coded tokens, keys, cookies) could be captured and fed into or echoed by the LLM and saved verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Update Check" step in SKILL.md instructs the agent to fetch and compare https://raw.githubusercontent.com/abpai/skills/main/versions.json (a public GitHub URL) and then pause and potentially run an update based on that remote data, meaning untrusted third-party content is fetched, interpreted, and can materially influence actions.