example-argument-substitution

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly captures positional arguments and injects them verbatim into XML tags, prose, command lines, and code examples, so any secret provided as an argument would be reproduced in the agent's output (exfiltration risk).