tribunal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly collects "full content" (files, PR diffs) into agent prompts and instructs including complete reports in outputs, so any secrets present in those inputs would likely be reproduced verbatim by the LLM and exposed.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill executes Bash("gh pr diff ") and Bash("gh pr view ") at runtime which fetches PR content from GitHub (https://github.com) and injects that external content directly into the agents' prompts for review, meeting the criteria for a runtime external dependency that controls prompts.