evidence-logging

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs logging "full command with arguments" and capturing API responses/environment details, which can force the agent to record or reproduce secrets passed verbatim (e.g., tokens in CLI args), creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 3 "Record Citations (evidence-logging:citations-recorded)" explicitly requires logging and referencing external sources and web searches (e.g., example Source: https://doc.rust-lang.org/nomicon/), which implies the agent will consult and interpret open/public third‑party content that can influence findings and actions.