agentic-rules-writer

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly asks for free-text inputs (build/run commands and additional comments) and instructs the agent to include them verbatim in the generated file, which means any API keys or secrets the user places there would be output directly by the LLM and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md (Phase 5 "Knowledge Sources") explicitly instructs the agent to "search the web for the official documentation" and to prefer official docs or community sources (e.g., Stack Overflow, blog posts), and the persona flow (Q19) says to "use web search to gather details" for obscure personas. Both require fetching and interpreting open, public third-party content that can materially influence agent behavior.

Issues (2)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 13, 2026, 01:17 PM
Issues: 2