fireflies-ci-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit CLI that embeds a (test) API key literally (gh secret set FIREFLIES_API_KEY --body "sk_test_***"), which requires producing/handling the secret verbatim in output/commands and is therefore high-risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflow uses external GitHub Actions (uses: actions/checkout@v4 and uses: actions/setup-node@v4 — fetched from https://github.com/actions/checkout and https://github.com/actions/setup-node) which are retrieved and executed at runtime in the CI environment, so they are runtime external dependencies that execute remote code.