image-ocr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the model (e.g., Claude snippet) to "Extract ALL text from this image exactly as it appears" and "Return only the extracted text," which forces the LLM to output any secrets (API keys, tokens, passwords) present in images verbatim.