agentic-actions-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires fetching and embedding workflow YAML snippets and explicitly recording fields like token and env values as evidence, so an LLM would potentially output literal secret values present in those files (exfiltration risk), even though it does not ask the user to supply secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's remote analysis mode explicitly fetches and reads workflow files from arbitrary GitHub repositories (using gh api to list and retrieve .github/workflows/*), meaning untrusted, user-generated repository content is ingested and interpreted as part of the audit workflow.