agent-skill-discovery

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill reads config files (e.g., .mcp.json) and explicitly outputs command and args verbatim in the catalog, so if those files contain API keys, tokens, or passwords the LLM would be required to include them in its generated output, creating an exfiltration risk.