dev-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask the user for connection details including DB credentials and to run scripts/tests that will likely require embedding those secrets verbatim (e.g., connection strings or command-line invocations), which creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads untrusted, user-generated content from external MCP tools and URLs—e.g., tickets, descriptions and comments via the board MCP (Jira/ClickUp/GitHub Issues), chat threads via Slack/Teams (commands/check.md), and documentation URLs via WebFetch (SKILL.md documentation.sources)—and then interprets that content to guide planning, implementation, and tool actions, so third-party instructions can influence agent behavior.