deep-research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires full extraction of pages, embedding code examples and screenshots from repos and dashboards (and including them verbatim in reports) without any redaction guidance, which can force the LLM to reproduce API keys, tokens, or passwords found in source content.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Phase 1 and Phase 2 in SKILL.md) instructs the agent to run searches and collect 15–25 candidate URLs and then fully extract content from open web pages and repos using tools like search/search_web, scrape, read_url_content, crawl, browser_subagent, and get_file_contents (GitHub MCP), meaning it ingests untrusted public third‑party content and uses those findings to drive synthesis and recommendations.