github-actions

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes explicit examples that embed tokens in commands (e.g., "act -s GITHUB_TOKEN=ghp_xxx") and instructs executing real API calls/tests (which could require supplying secrets), so it encourages handling secrets in cleartext or passing them verbatim into commands—an insecure pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires making API calls and reading repository files and issues from GitHub (see the @actions/github/octokit examples like octokit.rest.issues.listForRepo and the "Execute actual API calls with @actions/github before documenting responses" anti‑fabrication requirement), which means the agent will ingest untrusted, user-generated GitHub content (repos, issues, marketplace listings) that can materially influence its actions.