pdf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes examples that embed plaintext passwords in code and a CLI example passing a password as a command-line argument (qpdf --password=mypassword and writer.encrypt("userpassword", "ownerpassword")), which instructs handling secrets verbatim and is an insecure pattern that could lead to exfiltration.