eval-session-scorecard

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's output schema requires including full "user_message" and "assistant_message" verbatim in the JSON, so any secrets present in the transcript (API keys, tokens, passwords) would be emitted directly, creating an exfiltration risk.