skill-guard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires reading full source files and reporting "file:line" code excerpts and content in findings without any guidance to redact secrets, so any embedded API keys, tokens, or environment variable values discovered would likely be included verbatim in the output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md explicitly performs registry lookups and downloads arbitrary public skills from GitHub/the community registry (Phase 1: "check j4rk0r/claude-skills" via gh and Phase 2: "Download to /tmp/skill-guard-audit/[skill-name]/"), so untrusted, user-generated third‑party content is ingested and interpreted to drive audit decisions and actions.