ci-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to ask the user for a Helix access token and re-run the script with -HelixAccessToken (which will be appended to API requests), meaning the agent must handle a secret and could be required to include it verbatim in commands/requests despite a warning not to expose it.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's CI workflow and Get-CIStatus.ps1 explicitly fetch and parse public third-party content — e.g., Helix console logs from https://helix.dot.net, Azure DevOps build/timeline data from https://dev.azure.com, GitHub check-run/PR data via the gh CLI, and MihuBot search results — and the agent is expected to read and act on that content to make retry/investigation recommendations, so untrusted external content can influence behavior.