code-trace

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires showing "Code: Full source (no abbreviation)" and persists trace state in memory, which forces the LLM to read and potentially output verbatim file contents (including any embedded API keys, tokens, or plaintext passwords), creating a high exfiltration risk.