security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The audit requires scanning for and reporting hardcoded credentials and "evidence" (file paths, line numbers and findings) but gives no guidance to redact or avoid embedding secret values, so the agent could output secrets verbatim — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and runs third-party code and content — e.g., it installs a Gemini Security extension from GitHub and executes gemini prompt "/security:analyze" (references/gemini-analysis.md and references/tool-installer.md), ingesting external AI output into the report which can materially influence scoring and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The gemini-analyzer step will run at runtime and attempts to install and invoke a Gemini Security extension from https://github.com/gemini-cli-extensions/security, which fetches/installs remote code that can add prompt handlers and execute commands (e.g., enabling the /security:analyze prompt), so this is a runtime external dependency that can control agent prompts/behavior.