rules-capture

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to record the user's "Exact quote" verbatim into persistent files (and echo captured rules back), so if a user utters an API key/password/token it would be stored/output verbatim — creating a high exfiltration risk.