research-intake

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates recursively reading all files and "preserve original content" (not paraphrasing) when building the knowledge map and presenting findings, which can force the LLM to include any secrets found in source files verbatim in its outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads web URLs and performs web searches as required parts of the workflow (see references/intake-process.md "Web URLs (provided by human) | Fetch and read content" and Core Workflow step 5 "Research the human-selected gaps via web search"), so it ingests untrusted third‑party content that can influence subsequent actions.