jgi-lakehouse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly requires a DREMIO_PAT and instructs authenticating to Dremio with a PAT (and lists it as an input), which implies the agent may need to accept and embed the secret verbatim in generated requests/commands unless a secure mechanism (env vars/CLI) is mandated — creating an exfiltration risk.