gsd-thread

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to embed the user-provided {{GSD_ARGS}} verbatim into shell commands, file contents, and commit messages (e.g., generate-slug "{{GSD_ARGS}}", cat > ".planning/threads/${SLUG}.md", commit "...${ARGUMENTS}"), which would force the LLM to output any secrets the user includes as-is.