gh-issues

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs agents to read GH_TOKEN from config/env and embed it in curl headers and git remote URLs (and even echo the token prefix), which requires the LLM to handle or print secret values verbatim, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated GitHub content (issues, issue bodies, PR bodies, review comments and inline comments) via the GitHub REST API in Phase 2 (Fetch Issues) and Phase 6 (PR Review Handler) and then reads/acts on that content (sub-agents decide whether to implement fixes, what code to change, and what actions to take), which allows untrusted third-party text to influence tool use and agent behavior.