custom-code-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires the agent to accept and pass user-provided script sourceCode verbatim to the MCP (via add_inline_site_script), so any embedded API keys or secrets in that script would be included directly in the agent's output/requests and thus risk exfiltration.