senior-backend

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed bearer tokens and connection strings directly in command-line arguments (e.g., --header "Authorization: Bearer token123"), which instructs the agent to output secrets verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes an HTTP load tester (scripts/api_load_tester.py) and SKILL.md workflows that explicitly instruct running tests against arbitrary external URLs, so the agent will fetch and interpret untrusted third‑party responses whose results can directly influence recommendations and next actions.