smoke-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for an LLM API key if not found and to create a .env file with the provided key, which requires the agent to accept and embed the secret verbatim (exfiltration risk).