bootstrap-auto

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user to provide an API key "to add it to the environment variables," which implies the model will accept and handle the secret value directly (a high-risk exfiltration pattern).