tax

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to collect SerenDB and exchange API keys/secrets and shows commands and CLI flags (e.g., --api-secret, export SEREN_API_KEY, --kraken-api-key ) that would require embedding those secret values verbatim in generated commands/outputs, creating an exfiltration risk.