performing-soc2-type2-audit-preparation

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's example code constructs Authorization headers using variables like github_token, scanner_token, and pd_token (e.g., "Authorization: Bearer {scanner_token}"). This requires embedding secret API tokens directly into requests or code, which is an exfiltration risk if the LLM must substitute or output actual secret values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's agent code (scripts/agent.py and SKILL.md) explicitly fetches and ingests content from third-party APIs. For example, collect_github_change_management_evidence in scripts/agent.py calls https://api.github.com to read pull requests and reviews (user-generated content) and uses those results to mark exceptions and drive compliance decisions. Other routines similarly pull data from external scanners and PagerDuty, so untrusted third-party content is read and can materially influence control decisions.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 01:00 PM
Issues: 2