pdf

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes examples and workflows that pass passwords as command-line arguments (e.g., --password "secret") and instruct decrypting only when the user provides the password, which would require the LLM to accept and embed secret values verbatim in generated commands or scripts.