setup-credentials

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to ask users for API keys and to persist or export them (including examples that embed the secret in shell export commands and pass user_provided_key into config-write calls), which requires the LLM to handle and potentially emit secret values verbatim, creating exfiltration risk.