team-load

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill reads YAML and role/prompt files and explicitly injects their full contents verbatim into Agent creation, prompt fields, and messages (including string replacements), so any API keys or secrets present in those files would be output/copied by the LLM and thus risk exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads untrusted, user-provided YAML from the project .team-profiles/{name}.yaml (snapshot format) and directly uses each member's saved prompt to create agents, which allows third-party prompt content to control agent behavior.