finding-security-misconfigurations

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly directs finding hardcoded credentials and "API keys in config files" and requires affected-file/line, before/after config snippets and verification commands — which would typically cause the LLM to read and output secret values verbatim (or prompt for decrypted configs), creating exfiltration risk.