intelligems-morning-brief
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill asks the user for an Intelligems API key and Slack webhook URL and instructs saving them via echo into .env and passing them as command-line arguments (e.g., echo "INTELLIGEMS_API_KEY=<user's key>" and python3 brief.py --slack "<webhook_url>"), which requires the LLM to include secret values verbatim in generated commands — creating an exfiltration risk.