news

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly builds and writes a GitHub credential line containing the output of gh auth token into ~/.git-credentials (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com"), which requires reading and embedding a secret token verbatim into a command/file and therefore exposes secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "Research" explicitly launches five subagents "using WebSearch" to fetch headlines, summaries and source URLs from public websites (including news sites, forums/aggregators and GitHub trending) which the agent must read and use to decide story ranking, lead selection, and layout, exposing it to untrusted third‑party content that could carry injected instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to create and overwrite files (news/{date}/index.html and news/index.html), modify the user's git configuration and write credentials into ~/.git-credentials (including embedding a GH token) and then push to a remote — actions that change the machine state and can expose secrets and compromise the environment.