review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires fetching issue bodies and writing modified bodies back via heredoc/gh commands, which forces the agent to output the exact issue content (including any API keys or secrets present) verbatim in commands/updates, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses GitHub issue bodies via "gh issue view" in Step 3 and then interprets and acts on that untrusted, user-generated content in Steps 4 and 10 (including automated edits/closing), so public issue text could inject instructions that influence agent behavior.