pachca-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires using an Authorization: Bearer token in requests, shows curl examples with the token header, and tells the agent to ask the user for the token if unknown, which forces the LLM to receive and embed secret values verbatim in generated commands/requests.