deobfuscating-javascript-malware

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs decoding and printing obfuscated string literals and extracted IOCs (exfil URLs, payload contents) so the agent will output any secret tokens, API keys, passwords, or other sensitive values found verbatim during deobfuscation.