github-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes and encourages command patterns that embed secret values verbatim (e.g., gh secret set API_KEY --body "sk-..."), which requires the LLM to output or transit actual secret strings in commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly runs GitHub read operations (e.g., gh pr view, gh issue view, gh run view, gh api and gh search ...) which fetch and have the agent read public, user-generated content on GitHub (PRs, issues, comments, code, logs) that can materially influence decisions and subsequent gh actions such as merges or closes.