hooks

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read .claude/settings.json, preserve ALL non-hook fields exactly, and write back the complete JSON, which forces the agent to handle and output any embedded secret values verbatim (e.g., API tokens or cookies) when generating the file content.