project-tooling

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly tells the agent to ask the user for their Render API key and shows commands that echo or place that API key into environment files (e.g., echo "RENDER_API_KEY=" >> .env), which would require the LLM to receive and potentially output the secret verbatim.