skill-voter

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill reads a GitHub token from /workspace/.github_token and embeds it directly into Authorization headers for API requests, which requires the agent to handle (and could cause it to output) secret values verbatim in generated requests or logs.