devsh-orchestrator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly supports passing environment variables as --env <key=value> on the command line, which encourages embedding secrets (API keys/passwords) verbatim in generated commands and agent invocations, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md shows the orchestrator cloning and using arbitrary GitHub repositories (the --repo <owner/repo> flag in "Spawn Agent" and the Leader-Worker example "Analyze the codebase and create a plan") so sub-agents will ingest and act on untrusted, user-generated repository contents which can drive subsequent agent actions.