strategic-doctrine-deployment
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows embedding a GitHub PAT in a shell command (echo "ghp_..." | gh auth login --with-token) and instructs authenticating with a stored PAT, which requires including secret values verbatim in generated commands — a direct exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This workflow automatically copies user-provided documents into a local repo and then uploads/pushes them to an external GitHub repository and a Google Drive remote using stored credentials (PAT, rclone), which creates a high-risk opportunity for unauthorized data exfiltration even though there is no obfuscated code or obvious remote-code/backdoor mechanisms.