sync-fork

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to run and display remote URLs (e.g., git remote get-url <name> and echo <url> to the user), which can contain embedded credentials/tokens and therefore forces the LLM to output secret values verbatim if present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and inspects content from remotes (e.g., "Fetch both remotes", git remote -v, and git log --oneline <fork>/<branch>..<upstream>/<branch> in Phase 1) which are arbitrary upstream/fork repositories (third-party public URLs) whose commits, diffs, and file contents are read and used to decide merges, conflict resolution, and push actions.