llm-secrets

The skill's stated purpose to enumerate and fetch secrets is inherently dangerous and incongruent with safe developer tooling unless tightly constrained. Without explicit access controls, auditability, and output sanitization, this capability is prone to credential leakage and exfiltration. It should be considered suspicious and require strict safeguards (scope restrictions, user-permission prompts, redacted displays, and no stdout exposure of secret values) before any legitimate use.