codex

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill automatically reads and injects project files and code (e.g., config, auth files, code snippets) into constructed prompts and outputs (including code examples) without instructing redaction, so any hard-coded API keys or tokens present in those files could be included verbatim in prompts/responses and exfiltrated.