laravel-owasp-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires FAIL outputs to include the exact vulnerable code snippet (file:line and code), so if secrets (API keys, tokens, passwords, or .env values) are present in the codebase those secret values would be reproduced verbatim in the agent's output, creating an exfiltration risk.