trust-but-verify

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for, save, read, and reuse user credentials (email/password) and to fill forms via MCP actions, which requires including secret values verbatim in generated action arguments/commands and thus creates an exfiltration risk.