jira-defect-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for Jira credentials (allowing "直接提供"), uses keyflow_get_env_snippet(..., mask_values=false) to retrieve unmasked secrets, and includes curl examples that embed $EMAIL:$TOKEN, which encourages inserting secret values verbatim into commands/outputs.