autonomous-delivery

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for environment variables/secrets (API keys, tokens) and then "write values into .env, config files, or placeholder locations" after the user replies, which requires the LLM to include secret values verbatim in its outputs and thus creates an exfiltration risk.