gitea

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This prompt includes numerous examples that embed API tokens/passwords directly in URLs and command headers (e.g., http://user:TOKEN@host..., git remote add with TOKEN, and curl -H "Authorization: token $TOKEN"), which requires substituting secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues commands like extea api, extea projects view, extea issues/pulls list and even git clone of http:///owner/repo.wiki.git that fetch and parse user-generated content (issues, PRs, wiki pages, project boards) from arbitrary Gitea instances, which the agent would read and could directly influence follow-up actions.