run-and-triage

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill tells the agent to run provided commands "as-is" and capture stdout/stderr, so if those commands or their outputs contain API keys, tokens, or passwords the agent will handle and likely return them verbatim, creating an exfiltration risk.