hunt-session

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill repeatedly instructs capturing real session cookies, refresh tokens and JWTs and then embedding those secret values verbatim into curl commands/headers/JSON payloads (e.g., -H "Cookie: $SESSION_A", -d "{"refresh_token":"$RT1"}"), which requires the LLM/agent to handle and output secrets directly.