byterover-headless

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask the user for an API key and shows using it directly as a command-line argument (brv login --api-key ), which requires embedding the secret verbatim in generated commands and poses exfiltration risk.