pentest-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to present exact file paths, code excerpts, and "evidence" (e.g., hardcoded encryption keys, JWT_SECRET, committed .env contents, CI/CD secrets) which would require the LLM to include secret values verbatim in its output if present in the scanned codebase.