research-publishing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs scanning for API keys/tokens/credentials and producing an "audit report" of sensitive content found, which naturally encourages reporting matched secret strings unless redaction is enforced, creating a substantial exfiltration risk.