skills-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's output format and example explicitly include an "evidence" field showing matched secret strings (e.g., a full AWS key), so the agent is required to read and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's CLI supports a --url option and scripts/scan.py contains a fetch_url function that downloads and processes arbitrary HTTP URLs (5s timeout, 100KB limit), meaning the agent fetches and interprets untrusted public web content provided by third parties or users, enabling indirect prompt injection.