optimize-prompt-token-efficiency

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill reads and rewrites arbitrary prompt files and explicitly requires preserving all semantic content (verbatim) during optimization, so any embedded secrets (API keys, tokens, passwords) would be read and output unchanged, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to read, write, and atomically replace files at arbitrary paths (e.g., mv {working_path} {original_path}), which can modify system or user files and change machine state even though it doesn't explicitly request sudo or create users.