issue-summary

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires quoting the issue's last message verbatim (and summarising comments), so if those messages contain API keys, tokens, or passwords the agent will output them directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests GitHub issue content (via "gh issue view $ARGUMENTS --comments --repo [REPO]") and then reads and quotes the last comment verbatim, exposing the agent to untrusted, user-generated content from GitHub issues.