discover
Fail
Audited by Snyk on Feb 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill instructs scanning and reporting environment files and connection strings (e.g., .env, DB connection strings, API client calls) into the generated ecosystem map and signal details without instructing redaction, which can require the LLM to include secret values verbatim — a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill performs GitHub org code and repository searches (see "Step 5: GitHub Search" / operations/github-ecosystem-search.md) using gh api search/repositories and gh api search/code, ingesting and interpreting potentially arbitrary public GitHub content as part of its discovery workflow, which exposes the agent to untrusted third-party/user-generated data.
Audit Metadata