prompt-engineer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly ingests prompt files and in Analyze mode shows "before/after" diffs of the prompt text (and reads files/arguments), which can force the model to output verbatim input content — including any embedded API keys or passwords — so it enables secret exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's architecture and RAG/agent workflows explicitly ingest and reason over external retrieved documents and search results (see "RAG Prompting Patterns" and "Tool-Calling Patterns" in references/architecture-patterns.md and "Grounding with Google Search" in references/model-playbooks.md), and the hardening checklist warns that external web pages/documents can contain injections—so the agent is expected to read untrusted third-party content that can influence its actions.