x-cmd-git

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt shows examples that pass API tokens directly as command-line arguments (e.g., x gh --cfg token=<github-token>), which encourages embedding secret values verbatim in generated commands or code and thus requires the model to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill directly fetches and displays content from public, user-generated code hosting platforms (e.g., commands like "x gh repo clone owner/repo", "x gh search", "x gl repo ls", "x cb pr list" that read repos, issues, PRs, READMEs from GitHub/GitLab/Codeberg/Forgejo), so the agent will ingest untrusted third-party content that could carry indirect prompt injections.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:45 AM