spec-kitty-accept

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires collecting validation commands verbatim and appending/displaying them (e.g., as --test "" and in the output), so any embedded API keys, tokens, or passwords in those commands would be reproduced by the LLM and could be exfiltrated.