pre-plan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt doesn't explicitly request secrets, but it directs the agent to read external docs in full and to "capture" and immediately write any user-nominated implementation details into the persistent pre-plan, so if a user or referenced file contains API keys, passwords, or tokens the agent would include them verbatim and persist them, creating an exfiltration risk.