apply

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to accept or fetch SDK keys (via user paste or MCP) and write them into .env or other files (or otherwise wire them into the repo), which requires the LLM to handle and embed secret values verbatim in generated file edits/outputs even though it warns not to echo them in chat.