things-mac

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and instructions to pass THINGS_AUTH_TOKEN directly on the command line (e.g., --auth-token ), which can require the LLM to include secret values verbatim in generated commands/outputs (even though an env-var alternative is mentioned).