mcp-installer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask for/provide secret fields and to embed MCP configs (including potential secrets) into JSON or base64-encoded Trae deep-links, which would require the LLM to output secret values verbatim.