build-things

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to run a script that prints a redemption URL containing a time-based HMAC token (derived from an embedded secret) and to copy that output verbatim and open it, which requires handling and outputting a secret-derived token directly.