cmd-pr-test-plan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs placing environment variables inline in copy-paste commands (e.g., "For commands requiring env vars, put them inline"), which encourages embedding secrets (API keys, tokens, passwords) verbatim in the generated output and therefore enables secret exfiltration.