do-nothing-scripting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts commands from asciinema recordings, shell history, or text and writes them verbatim into a generated do-nothing script (printing the original commands for the operator), so any embedded API keys, tokens, or passwords in those inputs would be reproduced by the LLM and exposed.