pbi-mockup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's mandatory "Evidence Gate" requires file:line proofs for every claim, which forces the agent to quote file contents verbatim (e.g., project-config.json or other repo files) and therefore risks exfiltrating any embedded API keys/secrets present in those files.