ln-814-optimization-executor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill reads and reuses an e2e_test_command from context and explicitly includes that command string in the e2e_test report (and may echo/run it), so if that command contains credentials or tokens the LLM would need to handle and output them verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch missing reference files from an open GitHub raw URL ("If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}") and marks several of those remote reference files as "MANDATORY READ" in the SKILL.md workflow, meaning untrusted, user-authored web content will be ingested and can materially change execution decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to fetch required reference files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those "MANDATORY READ" documents directly shape the worker's instructions/behavior, making this a required external source that controls the agent's runtime guidance.