siege

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tasks agents (Infrastructure Prober and others) to find "Secrets in code/config" and to emit evidence and code references (file:path:line and Evidence fields) and persist findings/threat-models to disk without mandating redaction, which can force the LLM to include secret values verbatim in outputs and stored artifacts, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The orchestrator's Phase 1 "Intelligence Gathering" explicitly WebFetches public sites (e.g., owasp.org/Top10, cisa.gov/known-exploited-vulnerabilities-catalog and "relevant cheat sheet URLs") and the condensed intelligence summary is prepended to every agent's dispatch prompt, so externally hosted third‑party content is ingested and can directly influence agent behavior.