cognito

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt contains multiple code examples that hard-code client secrets, passwords, and tokens (e.g., 'client-secret', Password='SecurePassword123!', REFRESH_TOKEN values), which encourages embedding real secrets verbatim in commands or code and therefore creates an exfiltration risk.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:37 PM