vibelink-push

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs storing and then embedding an authorToken directly into curl commands and files (e.g., -F "authorToken={token}" and echo "{token}" > ~/.vibelink-tokens/{projectId}), which requires the agent to read and insert secret values verbatim into outputs/commands, creating an exfiltration risk.