act-workflow-syntax

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed secrets verbatim (e.g., a .secrets file with GITHUB_TOKEN=ghp_your_token_here and CLI usage act -s GITHUB_TOKEN=ghp_token -s API_KEY=key), which instructs outputting or copying secret values directly and therefore creates an exfiltration risk.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:11 AM