ralph

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to embed the user's "original request/prompt" verbatim into shell heredocs and JSON (e.g., PROMPTEOF/jq --arg prompt "$PROMPT"), which will force any secrets contained in the user's prompt to be output and stored verbatim — a direct exfiltration risk.