docker-sandbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed real-looking tokens and instruct injecting secret values verbatim into commands/heredocs (e.g., -e "CLAUDE_CODE_OAUTH_TOKEN=$TOKEN" and inserting ${AUTH} into a heredoc), which forces the agent to handle and output secrets directly.