instrument-feature-flags

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to retrieve or ask the user for the PostHog project API token and write it into env files (or embed it into configuration), which requires handling and potentially outputting secret values verbatim.