agent-recovery

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to embed "entire content of each file" and paste that report into a new session, which would cause any secrets or API keys present in files to be output verbatim and exfiltrated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to run "gh issue list --state open ..." and to incorporate "From GitHub" issue/issue-list content into the migration snapshot, which pulls user-generated, potentially public third-party data (GitHub issues) that the agent will read and could carry indirect prompt-injection payloads.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:16 PM