writeup-generator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read local files (solve scripts, work/, dist/) and include "actual command output" and "Flag capture with actual output" in the writeup, which requires reproducing secret values (flags, tokens, or any credentials present) verbatim in the generated output, creating an exfiltration risk.