blueprint-prp-create

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires extracting and embedding file paths and verbatim code snippets (and copy-pasteable validation commands) from the codebase into the PRP without any redaction instructions, so any secrets present in files/configs would be reproduced in the output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Step 3 ("Research external documentation") explicitly instructs the agent to use WebSearch/WebFetch and gather content from public sources including Stack Overflow and GitHub discussions (untrusted, user-generated) which the agent must read and incorporate into the PRP, so third-party content can influence decisions and next actions.