zotero-rag

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask for the user's Zotero Library ID/key and to write those values directly into the .mcp.json configuration (embedding secrets like ZOTERO_LOCAL_KEY verbatim), which requires the LLM to handle and output secret values.