macos-notes

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to construct and echo JSON containing arbitrary note bodies (e.g., via echo '{"body":"..."}' | script), which requires embedding any user-supplied secrets verbatim into generated shell commands/outputs, creating an exfiltration risk.