prophet-growth-agent

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to extract a JWT from browser localStorage and "pass it as PROPHET_SESSION_TOKEN" (and shows exporting env vars with token examples), which requires handling and potentially outputting the secret value verbatim—an exfiltration risk.