fork

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The workflow explicitly captures and prints remote URLs and environment/gh outputs and then requires synthesizing and presenting those detected values (e.g., {url}, ORIGIN_URL, mise env results), so if any of those contain embedded credentials or tokens the agent would output them verbatim, creating an exfiltration risk.