add-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly tells authors to "include realistic examples with actual flag values, not placeholders" and to put every CLI invocation in code blocks, which encourages embedding real API keys, tokens, or passwords verbatim in skill docs/agent output.