pushover-notify

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt demonstrates and documents running the script by placing PUSHOVER_APP_TOKEN and PUSHOVER_USER_KEY inline in a command (PUSHOVER_APP_TOKEN=... PUSHOVER_USER_KEY=...), which encourages embedding secrets verbatim in generated commands and thus creates an exfiltration risk even though it advises not to hardcode them.