write-skill-readme

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to read config.yaml and scripts/ and to include "硬编码用法" (hard-coded usage) in the README. This can require copying command lines or config snippets verbatim (potentially containing API keys/secrets), and the skill provides no sanitization guidance, so it risks exposing secrets.
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 07:27 AM