neo-team-claude

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The orchestrator is instructed to read and inject project files, reference files, logs/DB evidence, and "relevant sections" verbatim into specialist prompts and assembled outputs—so if those files or logs contain API keys, tokens, or passwords the LLM will be required to include them in generated prompts/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The PR Review workflow explicitly accepts PR/MR diffs "provided by the caller — e.g., gitlab skill, gh CLI" and passes those user-generated diffs to code-reviewer, security, and QA agents to drive review decisions, meaning untrusted third-party content is ingested and can materially influence agent actions.