osint
Fail
Audited by Snyk on Apr 20, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to "Document every discovered credential/secret immediately as a finding" and save raw tool outputs, which requires including secret values verbatim in reports/files and thus risks secret exfiltration.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This is a high-risk, dual‑use OSINT reconnaissance playbook that explicitly instructs large‑scale enumeration of orgs and employee accounts, full git‑history secret scanning (API keys, private/SSH keys, CI/deploy tokens), and targeted dorks/tooling — activities that directly enable credential theft, unauthorized access, and downstream supply‑chain or system compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md and reference/repository-recon.md explicitly instruct the agent to enumerate, fetch, clone, and scan public GitHub/GitLab/Bitbucket repositories and to use public code-search tools (gh/curl, sourcegraph, grep.app, trufflehog/gitleaks), i.e., ingesting untrusted user-generated third‑party content which the agent will read and use to drive findings and follow-up actions, so that content could contain instructions that influence behavior.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata