start-of-day

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill reads "all relevant files" (including config files and .env* patterns) and produces a comprehensive report/analysis, giving the LLM access to secrets and encouraging inclusion of file contents in its output, so it can easily expose secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs git fetch/pull from remotes and then reads repository files and documentation (e.g., README.md, docs/*.md, source code) as part of its required workflow, so third-party/user-generated content from remote repos could be ingested and influence analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs git fetch/pull against the configured remote "origin" at runtime, which will contact the repository URL configured as the origin and fetch remote code that the agent then reads and analyzes—so the git remote (the origin repo URL) is a runtime external dependency that can directly control prompts/behavior.