langchain-architecture

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples in which the agent persists user-provided sensitive values and recalls them later (the test that stores "the code is 12345", and the earlier memory examples). It also shows hardcoded connection strings and environment-variable assignments with literal secret values (e.g. "postgresql://user:pass...", os.environ["LANGCHAIN_API_KEY"]="your-api-key"). Following these instructions would require the LLM to handle or echo secrets verbatim, which creates a high risk of credential exfiltration through model output, logs, or memory stores.
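The following is an added illustration of the check this finding implies, written for this page rather than taken from Snyk's scanner or from the audited skill. It scans a block of skill-instruction text for the three patterns the finding names (credentials embedded in a connection string, a literal value assigned to a secret-bearing environment variable, and an instruction telling the agent to memorize a user-supplied code) and reports each hit with the secret redacted, so the report itself does not leak what it found. The sample instruction texts, the regexes, and the `Fail`/`Pass` verdict are constructed assumptions for this example; a hardened rewrite of the same instructions is included to show that it produces no findings.

```python
import re
from dataclasses import dataclass

# Constructed sample skill instructions (not the audited skill's actual text)
# reproducing the three patterns the audit finding describes.
UNSAFE_INSTRUCTIONS = (
    'Connect with create_engine("postgresql://user:pass@db.internal:5432/app")\n'
    'Then set os.environ["LANGCHAIN_API_KEY"] = "your-api-key"\n'
    'Remember that the code is 12345 so you can repeat it later.\n'
    'Load the key with os.environ["OPENAI_API_KEY"] when needed.\n'
)

# Hardened rewrite of the same instructions (also constructed): secrets are
# referenced by environment-variable name only and never written into the
# prompt or into agent memory.
SAFE_INSTRUCTIONS = (
    'Read the LangChain key from os.environ["LANGCHAIN_API_KEY"] at runtime; never paste the value into the prompt.\n'
    'Build the database connection from os.environ["DATABASE_URL"]; the DSN itself must not appear here.\n'
    'If a user shares a one-time code, use it for the current step only and do not write it to memory.\n'
)


@dataclass(frozen=True)
class Finding:
    kind: str      # which pattern fired
    line_no: int   # 1-based line in the instruction text
    excerpt: str   # matched text with the secret replaced by [REDACTED]


# (kind, compiled regex, index of the capture group that holds the secret)
PATTERNS = [
    # scheme://user:password@host  -> credential embedded in a connection string
    ("credential_in_url",
     re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@\"']+:([^\s/@\"']+)@", re.I), 1),
    # os.environ["...KEY|TOKEN|SECRET|PASSWORD..."] = "literal value"
    ("literal_env_secret",
     re.compile(r"os\.environ\[\s*[\"']([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)[\"']\s*\]"
                r"\s*=\s*[\"']([^\"']+)[\"']"), 2),
    # "remember/store/save ... the code is 12345" -> agent told to persist a secret
    ("memorize_secret",
     re.compile(r"\b(?:remember|store|save|memori[sz]e)\b.{0,40}?"
                r"\b(?:code|password|pin|token|key)\b\s*(?:is|=|:)\s*(\S+)", re.I), 1),
]


def _redact(m: re.Match, secret_group: int) -> str:
    """Return the whole match with only the secret capture group masked."""
    whole = m.group(0)
    start = m.start(secret_group) - m.start()
    end = m.end(secret_group) - m.start()
    return whole[:start] + "[REDACTED]" + whole[end:]


def scan(instructions: str) -> list[Finding]:
    """Run every pattern over every line; findings never contain the raw secret."""
    findings: list[Finding] = []
    for line_no, line in enumerate(instructions.splitlines(), start=1):
        for kind, pattern, secret_group in PATTERNS:
            for m in pattern.finditer(line):
                findings.append(Finding(kind, line_no, _redact(m, secret_group)))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Any credential-handling finding fails the skill, mirroring the page's Fail/Pass verdict."""
    return "Fail" if findings else "Pass"


if __name__ == "__main__":
    for label, text in (("unsafe", UNSAFE_INSTRUCTIONS), ("safe", SAFE_INSTRUCTIONS)):
        found = scan(text)
        print(f"{label}: {verdict(found)}")
        for f in found:
            print(f"  line {f.line_no} {f.kind}: {f.excerpt}")
```

The redaction step matters as much as the detection: an audit tool that quotes the matched secret verbatim in its own report recreates the exfiltration path it is warning about. The hardened text passes because it names environment variables without assigning literal values and tells the agent not to persist a user-supplied code; whether a real deployment honours that instruction still depends on what the memory and tool layers do with the value at runtime.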
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 8, 2026, 03:30 PM