respond

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill mandates quoting feedback verbatim in public PR comments and forwarding those quotes to external agents (moonbridge), so any API keys/passwords included in review text would be output and exfiltrated.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse user-generated GitHub content (review comments, issue comments, and review summaries via gh api in the "Gather All Feedback" section), then to read, categorize, and act on that content (including spawning agents and making decisions), so untrusted third-party input could inject instructions that influence behavior.