devpilot-scanning-repos

Fail

Audited by Snyk on May 4, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The scanners are required to emit quoted evidence lines from repository files (and explicitly sample files with names like secret/token/password and include a sec:secrets category), which forces the LLM to reproduce any secret values found verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and interprets arbitrary GitHub repository content (via gh repo view and by building /tmp/devpilot-scan-manifest.txt and /tmp/devpilot-doc-manifest.txt) and then uses those repo files and docs to drive scanners, scoring, label edits, and gh issue creation, so untrusted, user-generated third-party content can materially influence agent actions.

Audit Metadata

Risk Level: HIGH
Analyzed: May 4, 2026, 10:26 PM
Issues: 2