hook-event-architecture

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly injects raw event payloads (tool_input/tool_output) into an LLM summarization call and broadcasts/logs full event.dict(), which can cause secrets contained in those payloads to be sent to and output by the model or surfaced verbatim to clients—an explicit secret-exfiltration risk.