logophile

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's defaults and invariants require preserving "must-keep" tokens (numbers, quotes, code/identifiers) and set must_keep=all facts/numbers/quotes/code/identifiers, so if a user input contains secrets (API keys, tokens, passwords) the skill would be instructed to reproduce them verbatim, creating an exfiltration risk.