1password

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs collecting user API keys and embedding them verbatim into generated CLI commands (e.g., op item create "credential={API Key}") and includes examples to reveal plaintext, so the LLM would need to handle/output secret values directly — an exfiltration risk.