bmad-init

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill directs collecting arbitrary user-provided config values and passing them as raw JSON on command-line flags (e.g., --answers '{...}' and --core-answers '{...}'), which would require the agent to include secret values verbatim in generated commands/outputs if any variables are secrets.