gh-issues

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs agents to read GH_TOKEN from config/env and embed it in curl headers and git remote URLs (and even echo the token prefix), which requires the LLM to handle or print secret values verbatim, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches GitHub issue bodies and PR/review comments from the GitHub REST API (Phase 2 "Fetch Issues" and Phase 6 "Fetch All Review Sources"), which are user-generated, untrusted public content that the orchestrator and spawned sub-agents are explicitly instructed to read and act on, enabling indirect prompt injection.