system-environment-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill prompt embeds hardcoded secret-like values (e.g., DATABASE_URL with passwords, POSTGRES_PASSWORD, SMTP_PASSWORD, STRIPE/AWS keys) in config examples and instructs generating .env and compose files, which would require the LLM to output those secret values verbatim when producing configs—creating an exfiltration risk.