security-docker

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill prompt includes literal secret-looking values (e.g., sk_live_abc123, postgres://user:password@host/db) and instructs auditing and reporting of secrets in Dockerfiles/images, which encourages the agent to read and potentially echo secret values verbatim in its output.