lib-distill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read source files and extract configuration defaults, constants, and config values into reference and SKILL outputs, which would cause any hard-coded API keys/secrets present in the code to be copied verbatim into generated files (an exfiltration risk).