prompt-engine

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The engine substitutes user-provided placeholders directly into prompts (after light sanitization that doesn't remove typical API-key characters), so a secret supplied as a placeholder would be embedded verbatim and could be exfiltrated.