things-mac

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt instructs passing an auth token via --auth-token in example commands (and shows use of a THINGS_AUTH_TOKEN value), which encourages embedding secret values verbatim in generated CLI commands/outputs and thus creates an exfiltration risk.