google-spaces-updates

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask for and store the Google Chat webhook URL and to substitute that exact URL into generated curl commands and a settings file, which requires the LLM to handle and output a secret value verbatim (high exfiltration risk).