ralph-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to detect and report secrets, scan .env/uncommitted sensitive files, and read actual code for verification but gives no guidance to redact or avoid echoing secret values, so it can require including secrets verbatim in outputs.