codebuddy-deploy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes hard-coded credentials and a bearer token in example test and config files (e.g., "Test1234!", "Bearer test-token") and asks the agent to generate deploy/test scripts that could embed such secrets verbatim instead of exclusively using env vars, so the LLM may be required to output secret values.