code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires detecting "hardcoded secrets" and producing evidence-based findings and code diffs for critical issues, which can force the LLM to reproduce secret literals verbatim in its output, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Scoping section requires fetching PR diffs and full file contents at runtime using "gh pr diff" (github.com), which injects remote repository content into the agent's prompt/context and therefore directly controls the agent's instructions — flagging github.com (via gh pr diff).