container-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs finding and showing secret-containing artifacts (e.g., greps for Secrets, ENV lines with long values, and a "Vulnerable config" YAML snippet in the report) which can require the LLM to read and emit secret values (base64 secrets, API tokens, env var values) verbatim, creating an exfiltration risk.