deep-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The auditors are instructed to read artifact files and embed verbatim code snippets as "evidence" and remediation without any redaction guidance, so if those files contain API keys/passwords the LLM would output them directly, creating a significant exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's dependency check instructs at runtime to git clone and copy from the external repository https://github.com/mikeng-io/agent-skills to install required sub-skills that define agent prompts/behaviors, meaning remote code would be fetched and would directly control agent instructions.