github-security-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires reading affected source files and including "Current vulnerable code" verbatim for code and secret-scanning findings (and to identify exposed secrets and help remove/rotate them), which forces the agent to handle and potentially output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches alerts and repository data from arbitrary GitHub repositories using scripts/fetch.sh (gh api /repos/{owner}/{repo}/... endpoints) and the SKILL.md/README require the agent to read and act on those fetched code/alert contents (including reading affected source files and applying fixes), which are untrusted third‑party user-generated content that can directly influence tool actions and decisions.