security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext test credentials (e.g., "TestPassword" and user emails) directly into example curl commands and login tests, which instructs the agent to include secret values verbatim in generated commands/outputs, creating an exfiltration risk.