analyzing-macro-malware-in-office-documents

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs extracting and printing deobfuscated VBA source, command strings, and URLs verbatim (e.g., printed deobfuscated code and encoded/decoded commands), so any hard-coded credentials or tokens present in a document would be reproduced by the LLM and could be exfiltrated.