wechat-article

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user for appid/appsecret and the docs/showed publish command include --appid/--appsecret flags (direct CLI args), which requires embedding secret values verbatim into generated commands, creating exfiltration risk.