tldr-stats

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill tells the agent to run a local stats script and "copy the full output into your response" verbatim, which would force the LLM to reproduce any secrets (API/session tokens, keys, cookies) present in that output—an explicit exfiltration risk.