evolving-config

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read local config files (including settings.local.json and hook scripts) and to show diffs/apply changes without any guidance to redact secrets, so it can require outputting API keys or passwords verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 2 explicitly WebFetches the public GitHub changelog (https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md) and Phase 3 may WebFetch Perplexity-cited URLs (both in SKILL.md), so the agent ingests untrusted public web content and uses it to drive configuration decisions.