issue-summary

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires quoting the issue's last message verbatim (and summarising comments), so if those messages contain API keys, tokens, or passwords the agent will output them directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh issue view $ARGUMENTS --comments --repo [REPO] (in SKILL.md) to fetch GitHub issue descriptions and user comments — untrusted, user-generated content that the agent must read and interpret to decide actions and next steps, enabling indirect prompt injection.