review-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to extract and output verbatim quotes from user-provided reviews (collecting exact word-for-word phrases), so if any review contains secret values (API keys, tokens, passwords, cookies) the LLM would be required to reproduce them, enabling potential exfiltration.