aif-plan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly reads HANDOFF_TASK_ID from the environment or input and mandates inserting it verbatim into the plan file annotation and into MCP calls (taskId fields), which requires the model to output whatever value is in that variable and thus can exfiltrate secrets.