forgejo-cli-ops

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that require inserting the PAT verbatim (e.g., echo -n "<PAT_VALUE>" | secret-tool store ... and piping the looked-up token into fj auth add-key), which instructs embedding actual secret values into shell commands and thus would require the agent to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill operates against arbitrary Forgejo hosts (see "Forgejo instance (issues, PRs, repositories)" and the <FORGEJO_HOST> placeholder), which means it will fetch and read user-generated content (issues/PRs/repos) from third-party instances that could contain untrusted instructions.