hooks

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly reads .claude/settings.json and must preserve and write back all non-hook fields exactly, which forces the agent to read and re-output any secret values present in that file verbatim (exfiltration risk).