jk

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass API tokens and secret values directly on the command line (e.g., --token <API_TOKEN>, --secret "value", echo "secret-value" | jk ...), which would require the agent to embed user-provided secrets verbatim in generated commands/outputs, creating an exfiltration risk.