github-explorer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs using curl commands with an inline Authorization header "token {PAT}" (and references a PAT), which requires the LLM to insert a secret value verbatim into generated commands/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content (e.g., GitHub Issues/Commits, Reddit, Zhihu/mp.weixin.qq.com, Xiaohongshu, Twitter/X, Medium/Dev.to) via web_fetch, search-layer, browser and content-extract and then reads and cites those community posts as part of its analysis, which exposes the agent to untrusted third-party content that could enable indirect prompt injection.