session-transcript-analyzer

Fail

Audited by Snyk on Mar 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes a "Memory Protocol" that mandates reading and writing .claude/context/memory/*.md before/after execution and instructs assuming persisted state, which is an explicit, out-of-scope directive for a transcript-analysis skill and could be used to persist or exfiltrate state.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly reads transcript/debug files and inserts raw tool_result/error content (truncated to 150 chars) into the report without any redaction, which can cause API keys, tokens, or passwords found in those logs to be emitted verbatim.

Issues (2)

CRITICAL E004: Prompt injection detected in skill instructions.

HIGH W007: Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 22, 2026, 04:50 PM
Issues: 2