ace-tool

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt exposes an explicit --token override and examples that encourage supplying ACE_API_TOKEN on the command line (or pasting tokens), which can lead an agent to request and echo secrets verbatim (high exfiltration risk) even though env-var usage is also mentioned.