code-ocr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the model to transcribe code/config screenshots and to output the OCR results (with cross-validation) — which will include any API keys or passwords present in images verbatim — so even though env‑var setup is shown, the LLM is still required to handle and emit secrets from screenshots.