bootstrap-auto

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly tells the agent to ask the user to provide an API key to "add it to the environment variables," which implies the agent will receive secrets in input and may embed them into files/commands, creating an exfiltration risk.