research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill mandates reading and reporting file contents with file:line citations and synthesizing findings into output artifacts without any redaction guidance, so any secrets present in code/config could be read and reproduced verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the explore/research agents to perform Tier 6 external lookups (SKILL.md Step 3 "Tier 6 — External Docs") and the referenced docs (e.g., references/deep_research_mcp.md and references/iterative-retrieval.md) call out WebSearch/WebFetch and MCP scrapes of arbitrary URLs, meaning the agent will fetch and read public third‑party content (webpages/URLs) and incorporate those findings into its research and next actions.