things-mac

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and encourages passing an auth token directly on the command line (e.g., --auth-token ) and contains placeholders that would lead an agent to include user secrets verbatim in generated commands, which is an insecure credential-handling pattern.