community-campaign-builder

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that pass tokens/passwords as literal command arguments (e.g., nas_secrets.py store --name GH_TOKEN --value "token") and shows exporting/storing PATs (e.g., export GH_TOKEN="your_token" / "Request new PAT, store in NAS"), which instructs embedding secrets verbatim and therefore requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and ingest untrusted third‑party content—see SKILL.md Phase 1 "Sources to Search" (WhatsApp, Gmail, news, social media), MUSIC_DISTRIBUTION.md (Suno page scraping), and scripts/gather_intel.py which add news and WhatsApp messages into intel that are then used to drive campaign decisions—so external/user‑generated content can materially influence actions.