foundry-security-spec

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The spec explicitly records and publishes raw evidence (code_snippet, reproduction_steps, reproduction_evidence, transcripts) into findings and issue descriptions—so if those artifacts contain API keys/passwords/cookies from the scanned target, the agent is required to include them verbatim in outputs (even though config tokens are shown as env vars), creating an exfiltration risk.