repo-status

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt echoes the repository remote URL and asks the model to include it verbatim in the summary — remote URLs can contain embedded credentials (e.g., https://user:token@host/...), so this may cause secret values to be output directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 2 explicitly runs git fetch --all and gh pr list to ingest remote branch refs and open PR metadata from the repository host (remote URL), which are user-generated/untrusted third-party contents that the agent must read and use in its summary.