checking-session-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read source/config files and produce "vulnerable code snippet" listings and remediation examples, which can require copying session secrets or token values verbatim from configuration or code (e.g., SECRET_KEY, cookie tokens), so there is a high risk of exposing secrets even though it doesn't explicitly request API keys.