static-vulnerability-detector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to include vulnerable "Code Snippet" excerpts (and even shows examples with hard-coded API keys like "sk-1234567890"), which would require the LLM to reproduce secret values verbatim when present in analyzed code, creating an exfiltration risk.