reverse-engineering-quick-triage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly extracts and outputs IOCs and hardcoded credentials (strings.json, stored memory, decompiled outputs), which requires the agent to include secret values verbatim in its generated findings, creating an exfiltration risk despite guardrails.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Level‑1 tooling (resources/scripts/strings-analyzer.py and resources/scripts/ioc-extractor.js) explicitly extracts and displays URLs/domains/emails and other text from arbitrary, user‑supplied binaries (and can optionally perform external reputation lookups like VirusTotal), so it ingests and interprets untrusted third‑party content (embedded web addresses/strings) as part of its workflow, enabling indirect prompt‑injection risks.