software-docs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to "explore" user-shared repos and produce copy-pasteable commands/configs (including .env variables like DATABASE_URL or JWT_SECRET), which can lead the LLM to extract and embed secret values verbatim if they appear in the codebase or provided files.