my-context-sync

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example that places a GitHub personal access token inline in a command (GITHUB_PERSONAL_ACCESS_TOKEN= python ...), which instructs embedding secrets verbatim in executed commands and risks exfiltration.