task-orchestrator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs capturing log content and injecting it verbatim into Codex prompts (e.g., using $(cat error.log | tail -20) in a send-keys codex command), which causes the agent to read and forward arbitrary sensitive data from logs into model I/O and so can exfiltrate secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open GitHub issues (via commands like gh issue list --repo OWNER/REPO --json ... > issues.json and similar fetches) and uses issue bodies/descriptions as task prompts/descriptions for Codex sessions and dependency analysis, which are untrusted, user-generated third-party content that could carry indirect prompt injection.