mcp-config

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's examples and workflows instruct creating or editing config files and command args that directly embed API keys and tokens (e.g., "API_KEY=your-api-key", env entries like "UNSPLASH_ACCESS_KEY"), which would require the agent to include user-provided secrets verbatim in generated files/commands.