security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to extract and embed code contexts, findings, and inline PR comments (including "hardcoded secrets" and code snippets) into generated outputs without any redaction rules, so if secrets exist in the repo the LLM would include them verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly ingests and analyzes repository and PR content (e.g., the "git diff --name-only origin/HEAD..." and full-repo "find ." scans) and then uses those results to post inline PR comments and take actions, so untrusted user-generated code or PR text could be interpreted by the agent and materially influence decisions.