agent-skill-discovery

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill reads and prints configuration fields (e.g., .mcp.json "command" and "args") verbatim in generated output with no redaction rules, so any API keys or tokens present in those files would be exfiltrated by the LLM.