research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires reading files "FULLY" and documenting the codebase "as-is" (including examples and usage patterns), which can force the agent to reproduce any secrets found in files verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs using a "web-search-researcher" to fetch external documentation and include returned links when the user requests web research (Step 3: "For web research (only if user explicitly asks): Use the web-search-researcher agent... IF you use web-research agents, instruct them to return LINKS"), which means it can ingest untrusted public web content that could carry indirect prompt injections.