stitch-downloader

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires using signed screenshot.downloadUrl values (signed URLs) in curl/script arguments and flow steps, which would require the agent to include those secret URLs verbatim in generated commands or outputs (exfiltration risk), even though it warns not to commit them.