asc-review-detail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and update command accept and show demo-account-password as a command-line flag (even with a literal "secret"), which requires the LLM to include user passwords verbatim in generated commands—an insecure pattern that risks secret exfiltration.