codemap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs agents to read files like .env* and "read actual files" to populate written documents without any redaction rules, which forces the LLM to handle (and likely write) secret values into output files—creating a high exfiltration risk.