baoyu-infographic

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly requires preserving all source data verbatim and copying content into structured files and generation prompts, so if the user's source contains API keys/passwords/cookies the LLM will output those secret values verbatim (and include them in downstream calls), creating an exfiltration risk.