rlm

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The RLM prompts explicitly pass raw file/chunk contents into background_agent prompts (e.g., "Analyze ...: {content}...") and aggregate their outputs, which can cause embedded API keys/passwords/cookies in those files to be returned verbatim — the skill does not mandate safe redaction or use of env-based secrets, so exfiltration is likely.