implementation-planner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly requires reading files fully and embedding current-state code snippets and exact file:line contents into plans (without redaction guidance), which would force the agent to ingest and potentially output any secrets present in those files, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly invokes the github-issue-reader to fetch GitHub issue titles, descriptions and all comments (user-generated public content) and uses those results in its planning workflow, exposing the agent to untrusted third-party input that could carry indirect prompt injections.