project-analyzer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to extract and document configuration values (datasource URLs, Nacos/Nacos server/address, environment variables, etc.) from config files and present key configuration details, which can include plaintext credentials (DB passwords, API keys, tokens) and thus requires outputting secrets verbatim.