code-safety-scanner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs scanning for hardcoded API keys, tokens, and "Authorization: Bearer" values and produces a findings report without any redaction guidance, which implies the LLM would identify and likely output secret values verbatim (exfiltration risk).