research
Fail
Audited by Snyk on Feb 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt explicitly requires including "all context" in the spawned task, which would force the agent to copy any user-provided secrets verbatim into the sessions_spawn/gemini task payload (an output path), creating a substantial exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill spawns a Gemini CLI sub-agent (via sessions_spawn) to "research this topic" and produce ~/clawd/research/[slug]/research.md, which will ingest and summarize open/public third‑party content (websites, papers, forums, and other user‑generated sources) that the main agent is then expected to read and present — exposing it to untrusted external content and potential indirect prompt injection.