learn

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs the agent to search the user's codebase and show code snippets (paths and line numbers) without any redaction guidance, so any embedded API keys, tokens, or passwords would be displayed verbatim and thus pose a direct exfiltration risk.