autoresearch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly asks the user to provide the exact metric command and records/echoes it (in the setup confirmation and logs) and then runs it, so if that command contains API keys/tokens/passwords the model will reproduce and log those secret values verbatim, creating exfiltration risk.