hexagone-web-feature-extractor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to fill login fields by inserting literal username/password strings into injected JavaScript and expects the user to provide a password, which requires the LLM to emit secret values verbatim in its output (high exfiltration risk).