build-vs-buy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill tells the agent to grep code and .env files for API_KEY/client_id patterns and to persist analysis into markdown files, which can cause any discovered secret values to be captured and written verbatim into the saved output (exfiltration risk).