salvo-csrf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill prompt includes hard-coded secret-like byte strings (e.g., 32-byte keys and long session secret literals) embedded directly in example code, which instructs placing secrets in outputs and could lead the LLM to reproduce secret values verbatim.