project-estimation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user for a Jira API token and email and provides curl/bash examples and an auto-generated script that embed those credentials (e.g., JIRA_TOKEN/JIRA_EMAIL used with -u), which would require the LLM to include secret values verbatim in generated output.