cross-review

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt instructs the agent to inline review context into CLI commands (and to proactively pull context from code/repo rather than ask the user), which can cause secrets found in that context to be included verbatim in command-line arguments, prompts, or stdout and thus exfiltrated.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs the agent to proactively collect review context from the codebase and conversation history (rather than asking the user), to inline that context or write it to files, and then to invoke external CLI "code agents" (e.g., claude, codex). This intentional design transmits potentially sensitive local data to remote services, which is a clear data-exfiltration/credential-leakage risk, and it also enables remote CLI execution. No obfuscated payloads or hidden shells were found, but the specified behavior deliberately facilitates unauthorized export of secrets.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 3, 2026, 10:29 PM