workflow-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding secrets into commands (e.g., curl -H "Authorization: ${secret:API_KEY}" and ${secret:slack.webhook_url}), which requires the agent to insert or output secret values verbatim into generated shell/HTTP requests, creating an exfiltration risk.