opencode-conversation-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs subagents to return "2-3 direct quote examples from the messages," which can force verbatim inclusion of any API keys, tokens, or passwords present in conversation history, creating a high exfiltration risk.