gitlab-webhook

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes concrete command examples that embed secret tokens and webhook URLs directly (e.g., -f token="my-secret-token", Slack webhook URL), which instructs the agent to place secret values verbatim into generated commands/requests, creating an exfiltration risk.