eliteforge-sonar-pmd-generator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and requires using a Sonar token in command lines (e.g., mvn ... -Dsonar.token=) and instructs initializing token/project binding, which encourages embedding secret tokens verbatim in commands—an insecure exfiltration pattern.