review-ai-writing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts and writes verbatim "original_text" from docs, commit messages, and PR bodies into reports and summaries (with no redaction rules), so any secrets present in those artifacts would be included in the LLM's output and therefore exposed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly fetches and reads PR descriptions via "gh pr view --json body" (SKILL.md, Subagent 3), which ingests user-generated GitHub content that the agent interprets as part of its scanning and can drive follow-up actions—exposing it to untrusted third-party input that could carry indirect prompt injections.