conducting-mobile-app-penetration-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs dumping keychain/SharedPreferences/SQLite, intercepting API traffic, and searching for hardcoded "api_key/password/token/aws_" values—actions that expose secrets and could lead the agent to include verbatim credential values as findings or PoC, creating an exfiltration risk.