deslop

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly greps for secret patterns (sk-..., AKIA..., ghp_..., private keys) and instructs the agent to "verify by reading the flagged line before reporting" without any redaction guidance, which requires the LLM to load and likely output secret values verbatim—an exfiltration risk.