validate-implementation-plan

Fail

Audited by Snyk on Feb 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill mandates reproducing the plan file "exactly" (via !`cat $0` and instructing to write the original plan back into output/file), so any API keys, tokens, or passwords present in the plan would be emitted verbatim by the LLM, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Step 0 Research and the $2 "fetch-recent" option explicitly instruct the agent to use "WebSearch" to validate claims, causing it to fetch and interpret open/public web content (third-party sources) as part of the audit workflow.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 17, 2026, 10:21 PM