dev-kit-init

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to scan configs/envs and to request "secrets" from inputs without any guidance to avoid embedding them, so the agent could read or ask for API keys and then include those values verbatim in generated docs or example commands (exfiltration risk).