opencode-session-db

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill directs the agent to read and output raw session/part data (including tool inputs/outputs and text snippets) from the local SQLite DB, which can contain API keys, tokens, or passwords and therefore forces the model to emit secret values verbatim.