PopeBot Operations

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and instructions that place secrets directly into command-line/env arguments and URLs (e.g., -e GH_TOKEN=, https://@github.com..., $env:OLLAMA_API_KEY=""), which would require an agent to emit secret values verbatim in generated commands or configs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using gh and git commands (e.g., gh run view, gh pr merge, git fetch origin pull/) against the public winsorllc/upgraded-carnival GitHub repo, causing the agent to fetch and act on user-generated PRs/commits/logs from an open third-party source that can influence merges, recoveries, and other actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime GitHub Actions step pulls and executes the external Docker image stephengpope/thepopebot:job-1.2.71, which runs remote code as a required dependency (docker image: stephengpope/thepopebot:job-1.2.71).