merge-pr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to fetch PR bodies and commit messages and to "surface" detected sensitive content (e.g., "PR body: "), which can require outputting API keys, tokens, or other secrets verbatim without redaction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The mandatory Step 3 "Repository Safety Check" explicitly instructs the agent to fetch and scan PR body and commit messages from public GitHub repos (gh pr view ... --json body/commits), which are untrusted user-generated content that the agent must read and whose findings directly affect merge decisions.