design

Fail

Audited by Snyk on Apr 29, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt mandates exhaustive codebase analysis and full, copy-pasteable code/commands ("complete code (no ellipsis)", "exact commands") so if secrets appear in the repo or outputs they will be included verbatim, creating a significant exfiltration risk even though it doesn't explicitly ask for keys.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's Research Phase explicitly instructs the agent to call external web-research tools (e.g., mcp__perplexity__perplexity_research and mcp__exa__web_search_exa in references/research-phase.md) to fetch open-web code examples and documentation, and those findings are incorporated into the plan and reviewer workflows—meaning untrusted third-party content can influence design decisions and agent actions.

Issues (2)

  • HIGH W007: Insecure credential handling detected in skill instructions.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 29, 2026, 03:12 AM
Issues: 2