@2004/skill-repo-publish

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs embedding a GITHUB_TOKEN into a clone URL (https://${GITHUB_TOKEN}@... ), which is an instruction that leads to placing a secret into command-line/git URLs and can cause the agent to include the secret verbatim in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clones and opens files from the remote GitHub repo (git clone https://...github.com/Starchild-ai-agent/official-skills.git and reading /tmp/official-skills//SKILL.md), meaning it fetches and processes untrusted, user-editable repository files which the agent reads and modifies as part of its workflow, allowing embedded instructions in those files to influence subsequent actions.