skill-optimizer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read files under references/, assets/, and scripts/ and to include file contents and unified diffs in diagnostic reports and previews, which can cause any embedded secrets (API keys, tokens, passwords) to be reproduced verbatim in the agent's output, creating an exfiltration risk.