a6-plugin-jwt-auth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains concrete secret strings and shows embedding secrets/tokens directly into API requests and credential JSON (e.g., "secret":"alice-secret-minimum-32-chars-long", Bearer tokens), so an agent following it would need to insert secret values verbatim into outputs, creating exfiltration risk.