analyze-team-session

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires quoting specific passages from a raw team session export (including tool calls and messages) into the generated report, which would force the model to reproduce any embedded API keys, tokens, or passwords verbatim if they appear in the export.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires runtime WebFetch of the external docs (https://code.claude.com/docs/en/agent-teams and https://code.claude.com/docs/en/costs) and uses their fetched content as the authoritative rubric that directly controls the agent’s analysis/prompting, so these runtime documentation fetches are external dependencies that can influence agent instructions.