obsidian-upgrade

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires subagents to read files and "quote exactly" content and include those verbatim in diffs and the upgrade plan, so any API keys/passwords present in the wiki would be output by the LLM (exfiltration risk).