create-site

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs asking the user for IMS/GitHub tokens and embedding them into Authorization headers and curl commands (e.g., -H "Authorization: Bearer {{DA_TOKEN}}"), which requires the agent to accept and output secret values verbatim — a high exfiltration risk.