workflow-orchestrator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The workflow instructs agents to read config/files and include "full context + files" in TaskCreate/send messages (and to load ~/.claude/... and project-config.yaml), which can force the LLM to embed secrets from those files verbatim into generated task descriptions/messages — an exfiltration risk.