developer-growth-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read raw local chat history (including pasted code/content) and to include "specific evidence from chat history" in a report sent to Slack without any redaction rules, so it may need to output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly searches and ingests user-generated HackerNews posts via RUBE_SEARCH_TOOLS / Rube MCP to curate learning resources, so the agent will fetch and read untrusted public third‑party content from HackerNews.