grepai-mcp-cursor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes an explicit example of embedding an API key ("OPENAI_API_KEY": "sk-...") directly into the MCP JSON config, which encourages placing secrets verbatim in files/outputs rather than keeping them in environment or secret stores.