posthog-install-auth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding the API key directly into shell commands and .env files (e.g., export POSTHOG_API_KEY="your-api-key" and echo 'POSTHOG_API_KEY=...'), which would require the LLM to include secret values verbatim if populated and therefore poses an exfiltration risk.