skill-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires including evidence snippets that reveal the first 4 and last 4 characters of any detected secret (or otherwise quoting/redacting values), which forces the LLM to handle and output secret fragments verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly performs remote audits by fetching and reading arbitrary GitHub repository files (via api.github.com and raw.githubusercontent.com) and then interprets that content as part of its analysis, so it exposes the agent to untrusted third‑party (user-generated) content that could contain indirect prompt injection.