ops-monitor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask users for API keys/app keys and then write and use those credentials (e.g., into preferences.json and in smoke-test curl commands), which requires the model to receive and potentially embed secret values in its outputs—creating an exfiltration risk.