spec-to-code-compliance

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill requires quoting exact code and documentation excerpts (file + line numbers) and producing verbatim code excerpts/IR, which would force the model to reproduce any secrets (API keys, private keys, tokens, passwords) present in the provided materials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts a "Spec document" as a URL and lists WebFetch in allowed-tools (commands/spec-compliance.md) and its Documentation Discovery/Normalization phases state it will fetch and normalize whitepapers/HTML/URLs, so the agent will retrieve and parse arbitrary, potentially untrusted public web content.