wiki-architect

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill requires storing and embedding REPO_URL (from git remote get-url or user input) into linked citations, which could contain embedded credentials (e.g., https://user:token@host/) so the agent may output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's mandatory "Source Repository Resolution" and Procedure steps in SKILL.md require asking for a source repository URL (e.g., GitHub/Azure DevOps) and to "Scan the repository file tree and README", so the agent will ingest and act on arbitrary public repository content (REPO_URL/blob/...) which could contain untrusted, user-authored instructions that influence its behavior.