security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to detect and include "Hardcoded Secrets" and code_context/PoC snippets in findings and PR comments, which would require reproducing secret values verbatim if they exist in the repository.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly ingests and analyzes repository and PR content (e.g., the "git diff --name-only origin/HEAD..." and full-repo "find ." scans) and then uses those results to post inline PR comments and take actions, so untrusted user-generated code or PR text could be interpreted by the agent and materially influence decisions.