astro-expert

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The mandatory Memory Protocol instructs the agent to run "cat .claude/context/memory/learnings.md" before starting, which forces it to output the contents of a local file (potentially containing API keys/secrets) verbatim and thus creates an exfiltration risk, even though other parts recommend environment-variable handling.