safe-mode

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly echoes intercepted shell commands verbatim in warnings (e.g., "Command: rm -rf ./build"), so if a user runs commands containing secrets (curl with Authorization headers, API keys on the command line, etc.) the LLM would see and output those secret values, creating an exfiltration risk.