Hooks Automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill repeatedly constructs and emits CLI commands and stores/forwards arbitrary file and command content via interpolations like '${tool.params.command}' and JSON.stringify(...) (including examples touching production.env), so an agent would need to echo user-supplied command/file contents verbatim and could therefore exfiltrate secrets if those inputs contain API keys or passwords.