plan-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs extracting a session_id from script output and reusing it by inserting it verbatim into subsequent /codex calls (e.g., --session ), which requires the LLM to emit a secret-like token in its generated commands and is an exfiltration risk.