wp-cloudsync-master

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit CLI examples that pass access keys, secret keys, and license keys as command-line flag values (e.g., --access-key-id=KEY --secret-access-key=SECRET and license activate XXXX-XXXX-XXXX-XXXX), which would require an agent to insert user-provided secrets verbatim into generated commands—an exfiltration risk.