orchestrate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill reads plan.json and injects task.spec and verify_command verbatim into agent prompts and bash executions, so if those fields contain API keys/passwords or tokens the LLM will end up including and emitting secret values (and possibly executing them), creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill orchestrates execution of arbitrary task.spec and verify_command via Agent and Bash tools (with automatic git worktree creation) and only a limited pattern-based safety scan, which enables tasks that modify system files or invoke sudo-like operations even though not explicitly required by the prompt.