research-engineer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to extract and cite code snippets and files as "evidence" using file-search/view tools, which can force the LLM to reproduce secret values verbatim if those secrets exist in the repository, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Research Methods explicitly require "Web Research: Use search_web for external information" (in SKILL.md), so the agent will fetch and interpret untrusted public web content as part of its workflow and those findings can materially influence recommendations and actions.