settings

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The script lets users store arbitrary key=value pairs (including API keys/passwords) in the config and then prints the config and echoes values (e.g., "Set $KEY = $VALUE" and cat the config), which would cause secrets to be output verbatim and thus exfiltrated.