pr-screenshot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read login credentials (from CLAUDE.md) and use them with explicit agent-browser fill commands (embedding email/password verbatim), which forces secrets into the agent's generated commands/output and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs "gh pr view ... --json headRefName,title,body" and reads the PR body from GitHub (user-provided/untrusted content) to incorporate into PR edits, so it ingests third-party content that could contain indirect prompt injection.