forbid

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The script accepts arbitrary phrases as input and writes/echoes them verbatim into the config and stdout (e.g., "Added to forbidden list: $ARGS" and listing items), so if a user supplies an API key/password the agent will output that secret directly, enabling exfiltration.