env-var-hygiene

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains example secret-like literals (e.g., sk_live_xxx, whsec_xxx) and explicit command patterns that pipe or embed secrets into CLI invocations (printf 'secret' | vercel env add, npx convex env set --prod KEY "$(printf '%s' "$TOKEN")"), which encourages producing or echoing secret values verbatim in generated commands—an exfiltration risk.