plan-devex-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's instructions and embedded shell snippets read and echo values like git remote URLs and a BRAIN_REMOTE_FILE and explicitly print them in output (e.g., "BRAIN_SYNC: brain repo detected: $_BRAIN_NEW_URL"), which can reveal embedded credentials/tokens verbatim if those files or remotes contain them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 0C "Competitive DX Benchmarking" explicitly instructs the agent to "Use WebSearch" and run three searches, then include URLs/sources in the competitive benchmark table (i.e., ingest public web search results), which is untrusted third‑party content that the agent must read and use to influence scoring and recommendations.