agent-sandbox

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's example and toolkit require the agent to emit RPC/command payloads containing env_vars (e.g., API_KEY: "key") and file contents, meaning any real API keys or passwords provided would be included verbatim in the agent's generated mcp calls/outputs and thus exposed.