senior-backend

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that place API bearer tokens and auth values directly in CLI commands/headers (e.g., --header "Authorization: Bearer token123"/"tok_abc123") and uses connection strings inline, which encourages embedding secrets verbatim in generated commands/outputs and creates exfiltration risk.