setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The setup skill collects sensitive secrets (the 12-digit マイナンバー) and requires saving them into the config file via the Write tool (i.e., the agent must emit the secret verbatim into generated file/tool output), which creates an exfiltration risk despite instructions not to print it in logs/conversation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directs the runtime installation of a remote git package using "uv tool install git+https://github.com/kazukinagata/shinkoku", which fetches and installs/execut es remote code that the skill relies on (the shinkoku CLI), so this is a runtime external dependency that can execute remote code.