dotnet-project-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to read and "report all discovered files and their contents" (e.g., nuget.config, appsettings.json), which can contain API keys, connection strings, or feed credentials and therefore forces the LLM to include secret values verbatim in its output.