continuous-ai-patterns

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires scanning for hard-coded secrets and posting findings (inline comments, SARIF reports, alerts) but does not mandate redaction or using environment-based references, so an agent could include secret values verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes an "Intelligent Issue Triage" workflow that lists tools: web-search and explicitly instructs "Search web for similar issues in related projects" (in the Example 2 steps), meaning the agent will fetch and interpret open/public web content that can influence triage decisions.