spec-kitty-accept

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to "collect each command verbatim" and to append those commands into CLI arguments (e.g., --test "") and run them, which forces any embedded API keys, bearer tokens, or passwords in those commands to be included verbatim in the agent's constructed output/commands, creating an exfiltration risk.