health

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's data-collection step instructs dumping file contents (e.g., settings.local.json, conversation files, MCP configs) and pasting collected data inline, which will include API keys/tokens/passwords verbatim (there is only an explicit redaction requirement for subagents, not for the initial paste), so the LLM would need to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly collects and pastes local SKILL.md files and conversation extracts (from ~/.claude/skills and the project's .claude/skills and conversation JSONL files) into analysis subagents as part of its required Step 1/Agent workflows (see SKILL.md Step 1 and agents/agent1-context.md/agent2-control.md), meaning it ingests untrusted user-authored skill and conversation content that could carry indirect prompt-injection instructions.