message-injector

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill copies extracted values from a provided source text directly into a template and returns the result verbatim, so if the source contains API keys, tokens, or passwords the LLM will output them unchanged, creating an exfiltration risk.