epitech-pre-eval

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read files and include code snippets, file/line locations and explicit "bad practice" entries (e.g., "API key en dur") without any redaction guidance, so it can expose secret values verbatim from the code it views.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary third-party code from public GitHub URLs (see SKILL.md Step 2: "Repo GitHub | git clone <url> /tmp/student-project" and EXAMPLE_PROMPT examples), then reads and interprets that untrusted user-generated content as part of its analysis and scoring workflow, which can materially influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime git clones of user-supplied GitHub repos (e.g., git clone https://github.com/etudiant/mon-projet) and ingests the fetched repository files into the agent's analysis/reporting flow, so remote repository content can directly influence prompts/outputs — this meets the criteria for a runtime external dependency that can control agent instructions.