dotnet-project-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to "report all discovered files and their contents" for nuget.config (and to list package sources), which can include cleartext credentials or API keys (e.g., packageSourceCredentials/ClearTextPassword), forcing the LLM to output secrets verbatim.