external-ai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to embed file contents (e.g., $(cat file.ts)) and inspect environment variables into CLI invocations and to return command outputs, which can force secret values (files or env vars) to be included verbatim in commands or responses and thus risk exfiltration.