awiki-id

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's canonical commands and examples explicitly instruct putting sensitive values (phone numbers, OTPs, recovery credentials) directly into command-line flags (e.g., --otp, --phone), which would require the agent to handle and emit secret values verbatim in its output.