homey

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes explicit examples that echo API keys/tokens into CLI commands (e.g., echo "<LOCAL_API_KEY>" | homeycli auth set-local --stdin), which would require an agent to insert secret values verbatim into generated commands/outputs, creating an exfiltration risk.