contract-redliner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires quoting exact contract language and producing tracked-change redlines (including "CURRENT LANGUAGE" verbatim), so any secrets present in the provided documents (API keys, tokens, passwords) would be reproduced in the output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 "Ingest the Contract" explicitly accepts "A URL to a publicly accessible document," requiring the agent to fetch and parse arbitrary public web documents (untrusted third-party content) which it reads and uses to generate redline edits, enabling potential indirect prompt injection.