docker

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains numerous examples that embed credentials directly (e.g., docker run -e API_KEY=secret, DATABASE_URL=postgresql://user:pass@db:5432/app, .env with API_KEY=secret), which encourages including secret values verbatim in commands/files and thus poses an exfiltration risk.