chrome-webstore-release-blueprint

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste sensitive values (CWS_CLIENT_ID, CWS_CLIENT_SECRET, CWS_REFRESH_TOKEN) into the agent and instructs the agent to place or use those values for secret setup and uploads, which requires the LLM to receive and could cause it to output secret values verbatim — a high exfiltration risk.