owasp-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to grep for hardcoded secrets and include "Vulnerable Code" snippets in the report, so if the provided source contains API keys/passwords the model will reproduce them verbatim, creating an exfiltration risk.