team-brief

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to read an API token file (cat .claude/settings/hackmd-token) and use it in HTTP Authorization headers/curl requests, which requires the agent to handle and embed a secret value for API calls (exfiltration risk).