research

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to read files fully and produce copy-pasteable code snippets and file:line excerpts in task outputs without any redaction or secret-handling rules, so any API keys/passwords found in those files could be emitted verbatim.