devops

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secret values verbatim (e.g., gh secret set ... --body "secret-value" and GF_SECURITY_ADMIN_PASSWORD=admin in docker-compose), which instructs an agent to handle and emit secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directs AI agents to fetch and inspect user-generated content from GitHub (e.g., gh workflow view --yaml, gh run view --log, gh run download artifacts, gh pr checks and gh pr list), which pulls arbitrary third‑party repository files, logs, PR descriptions, and artifacts that could contain untrusted instructions.