template-renderer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill performs direct {{TOKEN}} → value substitution and even logs "tokens used" to memory, so any secret provided as a token would be output verbatim (sanitization only strips certain characters) and persisted — creating an exfiltration risk.