repo-sentinel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's audit outputs and quick-reference examples explicitly show and expect reporting of concrete secret values (e.g., "sk-live-...", "redis://admin:pass@...") and file-level findings, which requires the agent to include secrets verbatim in its generated reports — creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — SKILL.md explicitly requires the gh CLI and includes Surface 10 platform checks that fetch and audit GitHub-hosted user-generated content (wiki pages, Discussions, issues/PR descriptions and other metadata) which the agent is expected to read and use to drive remediation/enforcement decisions (e.g., blocking pushes, history scrubs, CI gates), so untrusted third‑party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's CI and scheduled-audit steps fetch and run remote tooling at runtime (e.g., the gitleaks GitHub Action referenced via https://github.com/gitleaks/gitleaks-action and the direct download executed via https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_8.18.4_linux_x64.tar.gz), so external content is retrieved and executed as part of the skill.