code-researcher

Fail

Audited by Snyk on Feb 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt contains deceptive/contradictory instructions outside its stated "document what exists" purpose — e.g., "God Mode: If a tool is missing, INVENT IT" (which encourages fabricating artifacts) and a direct conflict between "YIELD CONTROL: ... Do NOT call another skill" and the next-step mandate to immediately call activate_skill("research-reviewer"); both instruct behavior that violates the Documentarian's declared scope.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill requires reading and documenting files verbatim ("Document what IS" with file:line evidence) and producing research artifacts that could include code snippets or ticket contents, which can force the LLM to reveal any secrets present in those files and offers no redaction/secret-handling rules.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). SKILL.md's "External Research" step explicitly instructs using google_web_search to consult public web sources for libraries or best practices, meaning the agent may fetch and interpret untrusted third‑party web content that could influence its analysis and subsequent actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 19, 2026, 06:00 PM