github-webhook-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to provide the exact WEBHOOK_SECRET value (e.g., "Secret: <value-from-WEBHOOK_SECRET-in-.env>") for copying into GitHub, which requires the LLM to read and output a secret verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests GitHub webhook payloads from webhook.temet.ai (see SKILL.md and hooks.json examples / references/reference.md) and maps untrusted, user-generated fields like repository.full_name, ref, and commit data into arguments/environment for deploy scripts, so external webhook content can directly influence execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill triggers runtime git operations and deploy scripts that fetch and run code from remote repositories (e.g., repository.clone_url "https://github.com/owner/repo-name.git"), so external GitHub repo URLs are used at runtime and can cause remote code to be executed.