github-integration
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt shows an export command containing a ghp_* token placeholder and instructs users to paste a GitHub personal access token into a shell command; this encourages embedding secret values directly in commands and their output, and the instructions themselves include a secret-like string verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill directly fetches and reads user-generated content from GitHub (e.g., via mcp__github__get_pull_request_files, mcp__github__get_pull_request_comments, mcp__github__get_issue, mcp__github__get_file_contents and related list/search endpoints). Pull requests, issues, comments and file contents are untrusted third-party sources that the agent ingests and interprets as part of its workflow.
Audit Metadata