analyze-repo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires embedding "problem code" and file:line evidence (including scanning .env, secrets, credentials, keys and showing code snippets/verification steps), which would cause the model to reproduce any hardcoded secrets it finds verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts and fetches arbitrary public GitHub repositories (e.g., "/analyze-repo https://github.com/owner/repo" and Phase 1.1 "https://github.com/ → GitHub API + 原始碼分析"), so the agent ingests and interprets untrusted, user-generated content from the open web.