github-fork-sync-assistant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask for a GitHub Personal Access Token, shows a command that injects the token verbatim (echo "" | gh auth login --with-token), and says to record/reuse the token in-session, which requires the LLM to handle secret values directly.