ops-deploy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs retrieving plaintext AWS/Vercel credentials (e.g., doppler secrets get ... --plain) and to include them in API headers/commands (e.g., Authorization: Bearer $VERCEL_TOKEN in WebFetch), which requires the agent/LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and displays untrusted third-party content (GitHub Actions via gh run list/view, ECS/CloudWatch logs, and Vercel deployments via the MCP or direct WebFetch to api.vercel.com) and then uses that content to drive decisions and actions (view logs, dispatch fix agents, trigger redeploys) as described in SKILL.md, which could allow indirect prompt injection.