simmer-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read config files (including .env) and to include "full content if from-paste" and config-derived background/evaluator commands in the output, which can force verbatim inclusion of API keys or secrets from those files.