env-validator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read .env files and its example report and fixes show verbatim variable values (e.g., SECRET_KEY=changeme, DATABASE_URL=postgresql://user:pass...), so an LLM operating this skill could include actual secret values from .env in its output.