skill-to-prompt

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reading and embedding entire SKILL.md, references/, and scripts/ content (and may ask users to paste files) into generated JSON/.docx outputs, which can include API keys or other secrets that would be reproduced verbatim—creating a direct exfiltration risk.