setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to AskUserQuestion for a webhook URL and then run a command embedding that URL as a command-line argument (npm run generate:http-hooks -- --write), which requires the LLM to handle and emit a secret value verbatim (high exfiltration risk).