review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly requires pasting entire diffs and extracted source code into sub-agent prompts and to report file:line and code-based findings, which will expose any secrets committed in the repo and can force the model to read and potentially echo secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches remote branches (git fetch origin ...) and explicitly reads and pastes diffs and full source files into sub-agent prompts (Step 2/Step 3 and "Spawning Sub-agents" — "paste the entire diff output" / "paste the full extracted code"), so untrusted, user-generated repository content from remote origins can be ingested and materially influence agent behavior.