rpi-research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires reading files fully and "documenting what IS" (including file contents, code references, and metadata like commit hashes), so an agent following it could be forced to reproduce any secrets found in the repository verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs spawning sub-agents to perform "WebSearch/WebFetch" and return links "If the user explicitly asks for web research," which means the agent will fetch and ingest open/public web content (untrusted user-generated sources) as part of its workflow and could let webpage-hosted instructions influence subsequent actions.