vision

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's OCR and form-processing instructions explicitly require extracting and outputting all visible text and structured field values (e.g., JSON/CSV/markdown) from images — which would include API keys, tokens, or passwords present in an image — and it does not require redaction or alternative secure handling, creating a direct exfiltration risk.