discord-bot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to produce "the complete curl command" with "All variables resolved (webhook URL, channel ID, etc.)" while examples use $DISCORD_WEBHOOK_URL and $DISCORD_BOT_TOKEN (including Authorization headers), which forces secrets (webhook URLs or bot tokens) to be output verbatim — an exfiltration risk.